All the vulnerabilites related to Oracle - MySQL Server
var-202106-0521
Vulnerability from variot
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl Exists in a flaw in resource initialization.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes Advisory ID: RHSA-2022:1081-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1081 Issue date: 2022-03-28 CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2021-3200 CVE-2021-3445 CVE-2021-3521 CVE-2021-3580 CVE-2021-3712 CVE-2021-3800 CVE-2021-3999 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23177 CVE-2021-28153 CVE-2021-31566 CVE-2021-33560 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-42574 CVE-2021-43565 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23806 CVE-2022-24407 ==================================================================== 1. Summary:
Gatekeeper Operator v0.2
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Gatekeeper Operator v0.2
Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters.
This advisory contains the container images for Gatekeeper that include security updates, and container upgrades.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Note: Gatekeeper support from the Red Hat support team is limited cases where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.
Security updates:
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:
-
- Upgrade gatekeeper operator:
The gatekeeper operator that is installed by the gatekeeper operator policy
has
installPlanApprovalset toAutomatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting forinstallPlanApprovaltomanual, then you must view each cluster to manually approve the upgrade to the operator.
- Upgrade gatekeeper operator:
The gatekeeper operator that is installed by the gatekeeper operator policy
has
-
- Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'.
Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.
- Bugs fixed (https://bugzilla.redhat.com/):
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
- References:
https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate https://open-policy-agent.github.io/gatekeeper/website/docs/howto/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43 9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG k7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D mrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07 +jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr Ko/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx ceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q LimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej mcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH vsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK lYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb 1PnhEG7/jO4=XPu4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
An update for curl is now available for Red Hat Enterprise Linux 8. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TELNET stack contents disclosure (CVE-2021-22898)
-
curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1947493 - Why there is a difference between curl --head output on the RHEL7 and RHEL8. 1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure 1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure
- Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- This update provides the corresponding updates for Ubuntu 16.04 ESM. Solution:
OSP 16.2.z Release - OSP Director Operator Containers
- Bugs fixed (https://bugzilla.redhat.com/):
2025995 - Rebase tech preview on latest upstream v1.2.x branch 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2036784 - osp controller (fencing enabled) in downed state after system manual crash test
Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
CVE-2021-3795 semver-regex: inefficient regular expression complexity
-
CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
Related bugs:
-
RHACM 2.2.10 images (Bugzilla #2013652)
-
Bugs fixed (https://bugzilla.redhat.com/):
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports
- Bugs fixed (https://bugzilla.redhat.com/):
1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1168 - Disable hostname verification in syslog TLS settings
LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd
LOG-1375 - ssl_ca_cert should be optional
LOG-1378 - CLO should support sasl_plaintext(Password over http)
LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate
LOG-1494 - Syslog output is serializing json incorrectly
LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing
LOG-1735 - Regression introducing flush_at_shutdown
LOG-1774 - The collector logs should be excluded in fluent.conf
LOG-1776 - fluentd total_limit_size sets value beyond available space
LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance
LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled
LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL
LOG-1903 - Fix the Display of ClusterLogging type in OLM
LOG-1911 - CLF API changes to Opt-in to multiline error detection
LOG-1918 - Alert FluentdNodeDown always firing
LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding
- ========================================================================== Ubuntu Security Notice USN-5894-1 February 27, 2023
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in curl. This issue was only fixed in Ubuntu 14.04 ESM. (CVE-2021-22898, CVE-2021-22925)
It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-43552)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm7 libcurl3 7.47.0-1ubuntu2.19+esm7 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm7 libcurl3-nss 7.47.0-1ubuntu2.19+esm7
Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm14 libcurl3 7.35.0-1ubuntu2.20+esm14 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm14 libcurl3-nss 7.35.0-1ubuntu2.20+esm14
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0521",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mysql server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.25"
},
{
"model": "curl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.76.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "mysql server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.34"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "essbase",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.047"
},
{
"model": "essbase",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.3"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.11.0"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.1"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.7"
},
{
"model": "essbase",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0"
},
{
"model": "oracle essbase server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "mysql",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "guacamole",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "164967"
}
],
"trust": 0.6
},
"cve": "CVE-2021-22898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2021-22898",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2021-22898",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.1,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-22898",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22898",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2021-22898",
"trust": 0.8,
"value": "Low"
},
{
"author": "VULMON",
"id": "CVE-2021-22898",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl Exists in a flaw in resource initialization.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes\nAdvisory ID: RHSA-2022:1081-01\nProduct: Red Hat ACM\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1081\nIssue date: 2022-03-28\nCVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751\n CVE-2019-17594 CVE-2019-17595 CVE-2019-18218\n CVE-2019-19603 CVE-2019-20838 CVE-2020-12762\n CVE-2020-13435 CVE-2020-14155 CVE-2020-16135\n CVE-2020-24370 CVE-2021-3200 CVE-2021-3445\n CVE-2021-3521 CVE-2021-3580 CVE-2021-3712\n CVE-2021-3800 CVE-2021-3999 CVE-2021-20231\n CVE-2021-20232 CVE-2021-22876 CVE-2021-22898\n CVE-2021-22925 CVE-2021-23177 CVE-2021-28153\n CVE-2021-31566 CVE-2021-33560 CVE-2021-36084\n CVE-2021-36085 CVE-2021-36086 CVE-2021-36087\n CVE-2021-42574 CVE-2021-43565 CVE-2022-23218\n CVE-2022-23219 CVE-2022-23308 CVE-2022-23806\n CVE-2022-24407\n====================================================================\n1. Summary:\n\nGatekeeper Operator v0.2\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include\nsecurity updates, and container upgrades. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\nNote: Gatekeeper support from the Red Hat support team is limited cases\nwhere it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n- - Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n- - Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. \n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/\nfor additional information. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3712\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-42574\nhttps://access.redhat.com/security/cve/CVE-2021-43565\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43\n9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG\nk7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D\nmrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07\n+jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr\nKo/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx\nceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q\nLimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej\nmcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH\nvsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK\nlYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb\n1PnhEG7/jO4=XPu4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TELNET stack contents disclosure (CVE-2021-22898)\n\n* curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure\n(CVE-2021-22925)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1947493 - Why there is a difference between curl --head output on the RHEL7 and RHEL8. \n1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure\n1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. This update provides\nthe corresponding updates for Ubuntu 16.04 ESM. Solution:\n\nOSP 16.2.z Release - OSP Director Operator Containers\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2025995 - Rebase tech preview on latest upstream v1.2.x branch\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2036784 - osp controller (fencing enabled) in downed state after system manual crash test\n\n5. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2021-3795 semver-regex: inefficient regular expression complexity\n\n* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of\nCVE-2019-10747\n\nRelated bugs: \n\n* RHACM 2.2.10 images (Bugzilla #2013652)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity\n2013652 - RHACM 2.2.10 images\n\n5. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1997017 - unprivileged client fails to get guest agent data\n1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import\n2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed\n2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion\n2007336 - 4.8.3 containers\n2007776 - Failed to Migrate Windows VM with CDROM (readonly)\n2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues\n2026881 - [4.8.3] vlan-filtering is getting applied on veth ports\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1168 - Disable hostname verification in syslog TLS settings\nLOG-1235 - Using HTTPS without a secret does not translate into the correct \u0027scheme\u0027 value in Fluentd\nLOG-1375 - ssl_ca_cert should be optional\nLOG-1378 - CLO should support sasl_plaintext(Password over http)\nLOG-1392 - In fluentd config, flush_interval can\u0027t be set with flush_mode=immediate\nLOG-1494 - Syslog output is serializing json incorrectly\nLOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\nLOG-1575 - Rejected by Elasticsearch and unexpected json-parsing\nLOG-1735 - Regression introducing flush_at_shutdown \nLOG-1774 - The collector logs should be excluded in fluent.conf\nLOG-1776 - fluentd total_limit_size sets value beyond available space\nLOG-1822 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled\nLOG-1862 - Unsupported kafka parameters when enabled Kafka SASL\nLOG-1903 - Fix the Display of ClusterLogging type in OLM\nLOG-1911 - CLF API changes to Opt-in to multiline error detection\nLOG-1918 - Alert `FluentdNodeDown` always firing \nLOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding\n\n6. ==========================================================================\nUbuntu Security Notice USN-5894-1\nFebruary 27, 2023\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in curl. This issue was only fixed\nin Ubuntu 14.04 ESM. (CVE-2021-22898, CVE-2021-22925)\n\nIt was discovered that curl incorrectly handled denials when using HTTP\nproxies. A remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2022-43552)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n curl 7.47.0-1ubuntu2.19+esm7\n libcurl3 7.47.0-1ubuntu2.19+esm7\n libcurl3-gnutls 7.47.0-1ubuntu2.19+esm7\n libcurl3-nss 7.47.0-1ubuntu2.19+esm7\n\nUbuntu 14.04 ESM:\n curl 7.35.0-1ubuntu2.20+esm14\n libcurl3 7.35.0-1ubuntu2.20+esm14\n libcurl3-gnutls 7.35.0-1ubuntu2.20+esm14\n libcurl3-nss 7.35.0-1ubuntu2.20+esm14\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "PACKETSTORM",
"id": "171153"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22898",
"trust": 3.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/07/21/4",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.0
},
{
"db": "HACKERONE",
"id": "1176461",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2021-22898",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164886",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166308",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164967",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171153",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "PACKETSTORM",
"id": "171153"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"id": "VAR-202106-0521",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.30092594
},
"last_update_date": "2024-09-17T20:42:53.023000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02022",
"trust": 0.8,
"url": "https://lists.apache.org/thread/ypcjpttlozwxngl5s2x4gco3hnbmx1t8"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2021-22898: TELNET stack contents disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=06890b233289ebfb9c405fee6437c7b1"
},
{
"title": "Red Hat: CVE-2021-22898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-22898"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1509",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1509"
},
{
"title": "Arch Linux Advisories: [ASA-202106-9] lib32-libcurl-gnutls: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-9"
},
{
"title": "Arch Linux Advisories: [ASA-202106-8] libcurl-gnutls: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-8"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1653",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1653"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22898 log"
},
{
"title": "Arch Linux Advisories: [ASA-202106-4] curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-4"
},
{
"title": "Arch Linux Advisories: [ASA-202106-7] lib32-libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-7"
},
{
"title": "Arch Linux Advisories: [ASA-202106-5] lib32-curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-5"
},
{
"title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-60"
},
{
"title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-61"
},
{
"title": "Arch Linux Advisories: [ASA-202106-6] libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-6"
},
{
"title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-64"
},
{
"title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-62"
},
{
"title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-63"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1700",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1700"
},
{
"title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-59"
},
{
"title": "Debian Security Advisories: DSA-5197-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82"
},
{
"title": "Red Hat: Moderate: Release of OpenShift Serverless 1.20.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220434 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220318 - Security Advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220842 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221081 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220580 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220856 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "CVE-2021-22898",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2021-22898 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-22898 "
},
{
"title": "trivy-operator",
"trust": 0.1,
"url": "https://github.com/devopstales/trivy-operator "
},
{
"title": "log4jnotes",
"trust": 0.1,
"url": "https://github.com/kenlavbah/log4jnotes "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-909",
"trust": 1.0
},
{
"problemtype": "Inadequate resource initialization (CWE-909) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2021/07/21/4"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.0,
"url": "https://curl.se/docs/cve-2021-22898.html"
},
{
"trust": 1.0,
"url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"
},
{
"trust": 1.0,
"url": "https://hackerone.com/reports/1176461"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3cissues.guacamole.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pooc3uv7v6l4cj5ka2ptwtnuv5y72t3q/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.0,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36385"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1081"
},
{
"trust": 0.1,
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
},
{
"trust": 0.1,
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4511"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5021-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5021-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23133"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26147"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3487"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36312"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26139"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24588"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36158"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24504"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20284"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29660"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26140"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3600"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20239"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5894-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "PACKETSTORM",
"id": "171153"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "PACKETSTORM",
"id": "171153"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"date": "2022-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"date": "2022-03-28T15:52:16",
"db": "PACKETSTORM",
"id": "166489"
},
{
"date": "2021-11-10T17:12:32",
"db": "PACKETSTORM",
"id": "164886"
},
{
"date": "2022-01-20T17:49:14",
"db": "PACKETSTORM",
"id": "165633"
},
{
"date": "2022-03-15T15:41:45",
"db": "PACKETSTORM",
"id": "166308"
},
{
"date": "2021-12-09T14:50:37",
"db": "PACKETSTORM",
"id": "165209"
},
{
"date": "2021-12-03T16:41:45",
"db": "PACKETSTORM",
"id": "165135"
},
{
"date": "2021-11-15T17:25:56",
"db": "PACKETSTORM",
"id": "164967"
},
{
"date": "2023-02-28T16:45:47",
"db": "PACKETSTORM",
"id": "171153"
},
{
"date": "2021-06-11T16:15:11.043000",
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"date": "2022-03-07T02:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"date": "2024-03-27T15:47:36.380000",
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "171153"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability in resource initialization deficiency in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bypass",
"sources": [
{
"db": "PACKETSTORM",
"id": "165209"
}
],
"trust": 0.1
}
}
var-202012-1527
Vulnerability from variot
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2020:5639-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5639 Issue date: 2020-12-21 CVE Names: CVE-2020-1971 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
- openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source: openssl-1.0.1e-52.el7_2.src.rpm
x86_64: openssl-1.0.1e-52.el7_2.x86_64.rpm openssl-debuginfo-1.0.1e-52.el7_2.i686.rpm openssl-debuginfo-1.0.1e-52.el7_2.x86_64.rpm openssl-devel-1.0.1e-52.el7_2.i686.rpm openssl-devel-1.0.1e-52.el7_2.x86_64.rpm openssl-libs-1.0.1e-52.el7_2.i686.rpm openssl-libs-1.0.1e-52.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64: openssl-debuginfo-1.0.1e-52.el7_2.i686.rpm openssl-debuginfo-1.0.1e-52.el7_2.x86_64.rpm openssl-perl-1.0.1e-52.el7_2.x86_64.rpm openssl-static-1.0.1e-52.el7_2.i686.rpm openssl-static-1.0.1e-52.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX+COUtzjgjWX9erEAQjvtg/+LUJPrgKmxKa/B2r2OET/gFNmyJk6X18m YPbtDtGtJ+Vd/Nl3+6PR/G9lk0iir2wRdNCIDq8vPLyX4Mtr0DDbxsGRyK3SHGSl LwgAC+Hn6wAswsET68PbABC1ivswyQ3L6uRA/Ln65RamNc6Dtj7CYB0ntWUxRPN1 rpVhiR/PyPFH9JaiOHydTxv0TikZ2aQ93iO8Jpwnd4DVrA8e1nx0JbWK+UES+6b/ GPOPJ0jPCIgLRSIltRpfG/WIxbOswyO1k2/y15Uvri7ck+YStfi7X21ThT2ObtwV HA730TiihaV1jlgOWOk6pfNGepECFy7nTG0BBWD84nMLKbhgNu6XgS6QXzIgI7V3 vA4tTHK7Uo/+XSBZfqiwrHVMZYiDQ5C0xEvZa5YzU61K0cpho51XGQeXEu4MEhf9 HQLAgv3+PoOAacfBhWl2MwVpKLVwLiDHf8hlnPIPt1H2/JCoielGYYvwJRg01o6H GvHZ1vArJEud0rOTdJ8cstaW+G8Zb5SP/bNDSGDqw1sWHGMyQjpL/f92vYiHv3Ea Q07bPWyEQe9/nuNu+fXwQu7c3ogmbAIiOxy3rqChtUyO5YlOeA0mYRlu7DpSdHBS 3ckxKRB6coLOqto3nigbxkXB4EHfz1pasUyZeHt1gLmh6+2einghO7YDpNU0+XKU clXuV5JEVE8= =FkM6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Download the release images via:
quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3
- Bugs fixed (https://bugzilla.redhat.com/):
1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display
- JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):
1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system
Bug Fix(es):
-
Configuring the system with non-RT kernel will hang the system (BZ#1923220)
-
Bugs fixed (https://bugzilla.redhat.com/):
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
- JIRA issues fixed (https://issues.jboss.org/):
CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
The compliance-operator image updates are now available for OpenShift Container Platform 4.6.
This advisory provides the following updates among others:
- Enhances profile parsing time.
- Fixes excessive resource consumption from the Operator.
- Fixes default content image.
- Fixes outdated remediation handling. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Bugs fixed (https://bugzilla.redhat.com/):
1732329 - Virtual Machine is missing documentation of its properties in yaml editor
1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv
1791753 - [RFE] [SSP] Template validator should check validations in template's parent template
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration
1848956 - KMP requires downtime for CA stabilization during certificate rotation
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1853911 - VM with dot in network name fails to start with unclear message
1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show"
1856347 - SR-IOV : Missing network name for sriov during vm setup
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination
1860714 - No API information from oc explain
1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints
1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem
1866593 - CDI is not handling vm disk clone
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868817 - Container-native Virtualization 2.6.0 Images
1873771 - Improve the VMCreationFailed error message caused by VM low memory
1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it
1878499 - DV import doesn't recover from scratch space PVC deletion
1879108 - Inconsistent naming of "oc virt" command in help text
1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running
1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message
1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used
1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied
1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request.
1891285 - Common templates and kubevirt-config cm - update machine-type
1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error
1892227 - [SSP] cluster scoped resources are not being reconciled
1893278 - openshift-virtualization-os-images namespace not seen by user
1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza
1894428 - Message for VMI not migratable is not clear enough
1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium
1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import
1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1898072 - Add Fedora33 to Fedora common templates
1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail
1899558 - CNV 2.6 - nmstate fails to set state
1901480 - VM disk io can't worked if namespace have label kubemacpool
1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1903014 - hco-webhook pod in CreateContainerError
1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode
1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default"
1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers
1907151 - kubevirt version is not reported correctly via virtctl
1907352 - VM/VMI link changes to kubevirt.io~v1~VirtualMachineInstance on CNV 2.6
1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume
1907988 - VM loses dynamic IP address of its default interface after migration
1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity
1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error
1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO
1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-')
1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface
1911662 - el6 guests don't work properly if virtio bus is specified on various devices
1912908 - Allow using "scsi" bus for disks in template validation
1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails
1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user
1913717 - Users should have read permitions for golden images data volumes
1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes
1914177 - CNV does not preallocate blank file data volumes
1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes
1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer
1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block
1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored
1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration
1920576 - HCO can report ready=true when it failed to create a CR for a component operator
1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool
1927373 - NoExecute taint violates pdb; VMIs are not live migrated
1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade
- ========================================================================== Ubuntu Security Notice USN-4662-1 December 08, 2020
openssl, openssl1.0 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
OpenSSL could be made to crash if it processed specially crafted input.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.1
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.1
Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.5 libssl1.1 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.18
After a standard system update you need to reboot your computer to make all the necessary changes. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Bugs fixed (https://bugzilla.redhat.com/):
1888393 - Alert ElasticsearchBulkRequestsRejectionJumps never gets pending/firing due to there is no bulk thread pool.
1890801 - Changes on spec.logStore.elasticsearch.nodeCount not reflected when decreasing the number of nodes
1892794 - Reduce log chatter in cluster logging operator
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1901299 - Change ES Operator CSV to clarify the scope for this Operator
1907519 - [logforward]error_class=ArgumentError error="time must be a Fluent::EventTime (or Integer): Float"
1909614 - Old kibana index causing crashloop
1909616 - Facing error "Cannot authenticate user because admin user is not permitted to login via HTTP" in OCP 4.5.20
1913104 - Placeholder bug for OCP 4.6.0 extras release
- Solution:
See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index
- Bugs fixed (https://bugzilla.redhat.com/):
1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0
Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20201208.txt
For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u4.
We recommend that you upgrade your openssl packages.
For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/PmNRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SrxA//cDd0JVO9bdkBLrjg3bh2ibaL7rZxWM2kDOZxQ9dTyuNKHXpk72EQN7bo YzYUOphu8Pea/v2E2bA0VzKka56lu1zmA1r2xXyZoK3YWoyVAdQe/AbrsNZh+k5U iZ9U5VeBNmb78vZqalFnecZBAhmPBmFKmE4yc7qhj+G1XGO+/yuRL8sBGpK3WKDX dj31X8+YlEfidj9LKj0mER1XpjaE7soWnmlFA8vI/cjBLnvWo4MyXUbicW2r028C KB/ACbp5BzXiZkcv45Dmk73Wp2GtMPamF3iL6VBNkEy5cBXvvD+WQCJLr87w+zHr Abvfz8UXvJnsD/qP7nEuQkMBDiZPeCIOe1lGtiNtU0oeDn1i9akVZ3pEtOf3azJ+ ZQRrxPY+qwWRenuf2CLBUzIzWh+9wUy3ZIOxSycBoqn1xN//EaZ38PNLpiYl2llM 1RyuvMn7jMo5Ow6keJ7ohIfY0FD3LNJId5Sf4EPfJHy/EAe/qSf+/WXXvLQAlMdg 0zkzBXSCHPlhOm4NgF+LuGqpyd10OK6O7C1eo2xejylohV1UJUXU+2CQfa2HQ0o4 eV5aYOsVEBPBIxedCd/XyVNCPrStetLhdP8kjASznPkIKcw1L7GW0SongEt6+7T+ csanRpBW+PoDRofOjop+zTAFesQLt/q7w2sjZCg2Wj/hEN6PeCs= =eV7T -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.60.3"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.4"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.9.0.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "communications subscriber-aware load balancer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.4"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "ef600a",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.3"
},
{
"model": "communications diameter intelligence hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "pcz3.2"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.2"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1i"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "communications diameter intelligence hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.22"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.3"
},
{
"model": "data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications subscriber-aware load balancer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.2"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "communications diameter intelligence hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "pcz3.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "pcz3.3"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.4"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.32"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.20.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.2"
},
{
"model": "communications diameter intelligence hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2x"
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.4"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5.0.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "plug-in for symantec netbackup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "aff a250",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.2"
},
{
"model": "nessus network monitor",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.0"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.4"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.3"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "scz8.2.5"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.4"
},
{
"model": "communications subscriber-aware load balancer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.3"
},
{
"model": "manageability software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.23.1"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.22"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "160638"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161390"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "161429"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161003"
},
{
"db": "PACKETSTORM",
"id": "160961"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
}
],
"trust": 1.4
},
"cve": "CVE-2020-1971",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-1971",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-173115",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2020-1971",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1971",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-579",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173115",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2020:5639-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5639\nIssue date: 2020-12-21\nCVE Names: CVE-2020-1971 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nopenssl-1.0.1e-52.el7_2.src.rpm\n\nx86_64:\nopenssl-1.0.1e-52.el7_2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-52.el7_2.i686.rpm\nopenssl-debuginfo-1.0.1e-52.el7_2.x86_64.rpm\nopenssl-devel-1.0.1e-52.el7_2.i686.rpm\nopenssl-devel-1.0.1e-52.el7_2.x86_64.rpm\nopenssl-libs-1.0.1e-52.el7_2.i686.rpm\nopenssl-libs-1.0.1e-52.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-52.el7_2.i686.rpm\nopenssl-debuginfo-1.0.1e-52.el7_2.x86_64.rpm\nopenssl-perl-1.0.1e-52.el7_2.x86_64.rpm\nopenssl-static-1.0.1e-52.el7_2.i686.rpm\nopenssl-static-1.0.1e-52.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX+COUtzjgjWX9erEAQjvtg/+LUJPrgKmxKa/B2r2OET/gFNmyJk6X18m\nYPbtDtGtJ+Vd/Nl3+6PR/G9lk0iir2wRdNCIDq8vPLyX4Mtr0DDbxsGRyK3SHGSl\nLwgAC+Hn6wAswsET68PbABC1ivswyQ3L6uRA/Ln65RamNc6Dtj7CYB0ntWUxRPN1\nrpVhiR/PyPFH9JaiOHydTxv0TikZ2aQ93iO8Jpwnd4DVrA8e1nx0JbWK+UES+6b/\nGPOPJ0jPCIgLRSIltRpfG/WIxbOswyO1k2/y15Uvri7ck+YStfi7X21ThT2ObtwV\nHA730TiihaV1jlgOWOk6pfNGepECFy7nTG0BBWD84nMLKbhgNu6XgS6QXzIgI7V3\nvA4tTHK7Uo/+XSBZfqiwrHVMZYiDQ5C0xEvZa5YzU61K0cpho51XGQeXEu4MEhf9\nHQLAgv3+PoOAacfBhWl2MwVpKLVwLiDHf8hlnPIPt1H2/JCoielGYYvwJRg01o6H\nGvHZ1vArJEud0rOTdJ8cstaW+G8Zb5SP/bNDSGDqw1sWHGMyQjpL/f92vYiHv3Ea\nQ07bPWyEQe9/nuNu+fXwQu7c3ogmbAIiOxy3rqChtUyO5YlOeA0mYRlu7DpSdHBS\n3ckxKRB6coLOqto3nigbxkXB4EHfz1pasUyZeHt1gLmh6+2einghO7YDpNU0+XKU\nclXuV5JEVE8=\n=FkM6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nDownload the release images via:\n\nquay.io/redhat/quay:v3.3.3\nquay.io/redhat/clair-jwt:v3.3.3\nquay.io/redhat/quay-builder:v3.3.3\nquay.io/redhat/clair:v3.3.3\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1905758 - CVE-2020-27831 quay: email notifications authorization bypass\n1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1124 - NVD feed is broken for latest Clair v2 version\n\n6. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up\n1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference\n1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up\n1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system\n\n5. \n\nBug Fix(es):\n\n* Configuring the system with non-RT kernel will hang the system\n(BZ#1923220)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nCNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs\nCNF-854 - Performance tests in CNF Tests\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThe compliance-operator image updates are now available for OpenShift\nContainer Platform 4.6. \n\nThis advisory provides the following updates among others:\n\n* Enhances profile parsing time. \n* Fixes excessive resource consumption from the Operator. \n* Fixes default content image. \n* Fixes outdated remediation handling. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918990 - ComplianceSuite scans use quay content image for initContainer\n1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present\n1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules\n1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration\n1848956 - KMP requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. \n1891285 - Common templates and kubevirt-config cm - update machine-type\n1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error\n1892227 - [SSP] cluster scoped resources are not being reconciled\n1893278 - openshift-virtualization-os-images namespace not seen by user\n1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza\n1894428 - Message for VMI not migratable is not clear enough\n1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium\n1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import\n1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1898072 - Add Fedora33 to Fedora common templates\n1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail\n1899558 - CNV 2.6 - nmstate fails to set state\n1901480 - VM disk io can\u0027t worked if namespace have label kubemacpool\n1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1903014 - hco-webhook pod in CreateContainerError\n1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode\n1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT \"default\"\n1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers\n1907151 - kubevirt version is not reported correctly via virtctl\n1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6\n1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused \"Internal error occurred\" for creating datavolume\n1907988 - VM loses dynamic IP address of its default interface after migration\n1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity\n1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on \"qemu-img: /data/disk.img\" error\n1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO\n1911118 - Windows VMI LiveMigration / shutdown fails on \u0027XML error: non unique alias detected: ua-\u0027)\n1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface\n1911662 - el6 guests don\u0027t work properly if virtio bus is specified on various devices\n1912908 - Allow using \"scsi\" bus for disks in template validation\n1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails\n1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user\n1913717 - Users should have read permitions for golden images data volumes\n1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes\n1914177 - CNV does not preallocate blank file data volumes\n1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes\n1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer\n1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block\n1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored\n1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration\n1920576 - HCO can report ready=true when it failed to create a CR for a component operator\n1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool\n1927373 - NoExecute taint violates pdb; VMIs are not live migrated\n1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4-\u003eCNV-2.6.0 upgrade\n\n5. ==========================================================================\nUbuntu Security Notice USN-4662-1\nDecember 08, 2020\n\nopenssl, openssl1.0 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash if it processed specially crafted input. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.1\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n libssl1.0.0 1.0.2n-1ubuntu5.5\n libssl1.1 1.1.1-1ubuntu2.1~18.04.7\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.18\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. Bugs fixed (https://bugzilla.redhat.com/):\n\n1888393 - Alert ElasticsearchBulkRequestsRejectionJumps never gets pending/firing due to there is no `bulk` thread pool. \n1890801 - Changes on spec.logStore.elasticsearch.nodeCount not reflected when decreasing the number of nodes\n1892794 - Reduce log chatter in cluster logging operator\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1901299 - Change ES Operator CSV to clarify the scope for this Operator\n1907519 - [logforward]error_class=ArgumentError error=\"time must be a Fluent::EventTime (or Integer): Float\"\n1909614 - Old kibana index causing crashloop\n1909616 - Facing error \"Cannot authenticate user because admin user is not permitted to login via HTTP\" in OCP 4.5.20\n1913104 - Placeholder bug for OCP 4.6.0 extras release\n\n5. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.6/html/serverless_applications/index\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time\n1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time\n1906381 - Release of OpenShift Serverless Serving 1.12.0\n1906382 - Release of OpenShift Serverless Eventing 1.12.0\n\n5. \n\nAdditional details can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20201208.txt\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u4. \n\nWe recommend that you upgrade your openssl packages. \n\nFor the detailed security status of openssl please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/PmNRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SrxA//cDd0JVO9bdkBLrjg3bh2ibaL7rZxWM2kDOZxQ9dTyuNKHXpk72EQN7bo\nYzYUOphu8Pea/v2E2bA0VzKka56lu1zmA1r2xXyZoK3YWoyVAdQe/AbrsNZh+k5U\niZ9U5VeBNmb78vZqalFnecZBAhmPBmFKmE4yc7qhj+G1XGO+/yuRL8sBGpK3WKDX\ndj31X8+YlEfidj9LKj0mER1XpjaE7soWnmlFA8vI/cjBLnvWo4MyXUbicW2r028C\nKB/ACbp5BzXiZkcv45Dmk73Wp2GtMPamF3iL6VBNkEy5cBXvvD+WQCJLr87w+zHr\nAbvfz8UXvJnsD/qP7nEuQkMBDiZPeCIOe1lGtiNtU0oeDn1i9akVZ3pEtOf3azJ+\nZQRrxPY+qwWRenuf2CLBUzIzWh+9wUy3ZIOxSycBoqn1xN//EaZ38PNLpiYl2llM\n1RyuvMn7jMo5Ow6keJ7ohIfY0FD3LNJId5Sf4EPfJHy/EAe/qSf+/WXXvLQAlMdg\n0zkzBXSCHPlhOm4NgF+LuGqpyd10OK6O7C1eo2xejylohV1UJUXU+2CQfa2HQ0o4\neV5aYOsVEBPBIxedCd/XyVNCPrStetLhdP8kjASznPkIKcw1L7GW0SongEt6+7T+\ncsanRpBW+PoDRofOjop+zTAFesQLt/q7w2sjZCg2Wj/hEN6PeCs=\n=eV7T\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1971"
},
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "PACKETSTORM",
"id": "160638"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161390"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "161429"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "PACKETSTORM",
"id": "161003"
},
{
"db": "PACKETSTORM",
"id": "160961"
},
{
"db": "PACKETSTORM",
"id": "168955"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1971",
"trust": 2.7
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2020-11",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/09/14/2",
"trust": 1.7
},
{
"db": "PULSESECURE",
"id": "SA44676",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "160961",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160414",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160605",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161525",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160916",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160499",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161379",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162130",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160636",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160704",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161916",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160523",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160882",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160410",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4104",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0111",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1193",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0691",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0099",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0319",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0584",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0184.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0845",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0864",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0160",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4394",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1618",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0233",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4426.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0986",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0184",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4385",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4426.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4514",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0212",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2781",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0670",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4320",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4365",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1207",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1916",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-60182",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071618",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072165",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101259",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042543",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021120313",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101929",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042259",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042618",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051226",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-336-06",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-579",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161003",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160638",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161390",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160644",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161382",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161004",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160654",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161387",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160651",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160569",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161389",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160639",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161011",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-173115",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161548",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161429",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168955",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "PACKETSTORM",
"id": "160638"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161390"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "161429"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "PACKETSTORM",
"id": "161003"
},
{
"db": "PACKETSTORM",
"id": "160961"
},
{
"db": "PACKETSTORM",
"id": "168955"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"id": "VAR-202012-1527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T20:26:14.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OpenSSL Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137225"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://www.openssl.org/news/secadv/20201208.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.7,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44676"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4807"
},
{
"trust": 1.7,
"url": "https://security.freebsd.org/advisories/freebsd-sa-20:33.openssl.asc"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202012-13"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-denial-of-service-vulnerability-in-openssl-affects-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4426.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4365/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-openssl/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160499/red-hat-security-advisory-2020-5422-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-an-openssl-vulnerability/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160605/red-hat-security-advisory-2020-5623-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0212/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-cloud-pak-system-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "http-request-smuggling-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-multiple-denial-of-service-and-"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071618"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerability-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161525/ubuntu-security-notice-usn-4745-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4394/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-cve-2020-1971-cve-2020-15999-cve-2017-12652/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1618"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4426.2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6490837"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0184/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0099/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160636/red-hat-security-advisory-2020-5637-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0160/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051226"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101929"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6486087"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072165"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4104"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-vulnerabilities-cve-2020-1971-cve-2020-8265-and-cve-2020-8287/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101259"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160882/red-hat-security-advisory-2021-0056-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160916/red-hat-security-advisory-2021-0083-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1916"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720109"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4320/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160410/openssl-toolkit-1.1.1i.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060315"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0670"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202107-0000001170634565"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6507579"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841-2/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160523/red-hat-security-advisory-2020-5476-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4385/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160414/ubuntu-security-notice-usn-4662-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0111/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021120313"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-in-node-js-affect-ibm-integration-bus-ibm-app-connect-enterprise-v11/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042618"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042259"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0233/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/openssl-null-pointer-dereference-via-general-name-cmp-34055"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-messagegateway-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160961/red-hat-security-advisory-2021-0146-01.html"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-60182"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161379/red-hat-security-advisory-2021-0486-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0584"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-1971"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0184.2"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-4/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2020-1968-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2020-1971-cve-2021-23839-cve-2021-23840-cve-2021-23841-cve-2021-23839-cve-2021-23840-cve-2021-23841/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6522990"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-1968-vulnerability-in-openssl-may-affect-ibm-workload-scheduler-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-denial-of-service-dos-vulnerability-in-openssl-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4514/"
},
{
"trust": 0.6,
"url": "http-jackson-databind-openssl-and-node-js-affect-ibm-spectrum-control/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-apache-"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160704/gentoo-linux-security-advisory-202012-13.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6490373"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6479353"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-1971-2/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10029"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-24122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=5.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-24122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10726"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10725"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10723"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10722"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10726"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25683"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12321"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25682"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4662-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2306"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2306"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25641"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28367"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28367"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openssl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "PACKETSTORM",
"id": "160638"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161390"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "161429"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "PACKETSTORM",
"id": "161003"
},
{
"db": "PACKETSTORM",
"id": "160961"
},
{
"db": "PACKETSTORM",
"id": "168955"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "PACKETSTORM",
"id": "160638"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "161390"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "161429"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "PACKETSTORM",
"id": "161003"
},
{
"db": "PACKETSTORM",
"id": "160961"
},
{
"db": "PACKETSTORM",
"id": "168955"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-173115"
},
{
"date": "2020-12-21T17:29:16",
"db": "PACKETSTORM",
"id": "160638"
},
{
"date": "2021-01-11T16:29:48",
"db": "PACKETSTORM",
"id": "160889"
},
{
"date": "2021-02-11T15:26:00",
"db": "PACKETSTORM",
"id": "161390"
},
{
"date": "2021-02-25T15:30:03",
"db": "PACKETSTORM",
"id": "161548"
},
{
"date": "2021-02-16T15:44:48",
"db": "PACKETSTORM",
"id": "161429"
},
{
"date": "2021-03-10T16:02:43",
"db": "PACKETSTORM",
"id": "161742"
},
{
"date": "2020-12-09T16:09:14",
"db": "PACKETSTORM",
"id": "160414"
},
{
"date": "2021-01-19T14:42:53",
"db": "PACKETSTORM",
"id": "161003"
},
{
"date": "2021-01-15T15:06:55",
"db": "PACKETSTORM",
"id": "160961"
},
{
"date": "2020-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "168955"
},
{
"date": "2020-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-579"
},
{
"date": "2020-12-08T16:15:11.730000",
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-173115"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-579"
},
{
"date": "2024-06-21T19:15:16.170000",
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-579"
}
],
"trust": 0.6
}
}
var-201607-0654
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Backup-Restore' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0654",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-811"
},
{
"db": "NVD",
"id": "CVE-2016-5447"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91982"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5447",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-5447",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-94266",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-5447",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5447",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5447",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-811",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94266",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-5447",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94266"
},
{
"db": "VULMON",
"id": "CVE-2016-5447"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-811"
},
{
"db": "NVD",
"id": "CVE-2016-5447"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Backup-Restore\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5447"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91982"
},
{
"db": "VULHUB",
"id": "VHN-94266"
},
{
"db": "VULMON",
"id": "CVE-2016-5447"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5447",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "91982",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003875",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-811",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94266",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5447",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94266"
},
{
"db": "VULMON",
"id": "CVE-2016-5447"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-811"
},
{
"db": "NVD",
"id": "CVE-2016-5447"
}
]
},
"id": "VAR-201607-0654",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94266"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:17:28.610000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Component safety affirmative repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63171"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5447"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-811"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5447"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91982"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5447"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5447"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94266"
},
{
"db": "VULMON",
"id": "CVE-2016-5447"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-811"
},
{
"db": "NVD",
"id": "CVE-2016-5447"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94266"
},
{
"db": "VULMON",
"id": "CVE-2016-5447"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-811"
},
{
"db": "NVD",
"id": "CVE-2016-5447"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94266"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5447"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91982"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-811"
},
{
"date": "2016-07-21T10:15:02.787000",
"db": "NVD",
"id": "CVE-2016-5447"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94266"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5447"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91982"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003875"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-811"
},
{
"date": "2017-09-01T01:29:29.460000",
"db": "NVD",
"id": "CVE-2016-5447"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91982"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In Backup-Restore Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003875"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91982"
}
],
"trust": 0.6
}
}
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Description:
Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
-
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
-
jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
-
jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
-
jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
-
jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
-
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-35728)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-36184)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource (CVE-2020-36185)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource (CVE-2020-36186)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource (CVE-2020-36187)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource (CVE-2020-36188)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc e (CVE-2020-36189)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing (CVE-2021-20190)
-
jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
-
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected 1950894 - Placeholder bug for OCP 4.6.0 extras release
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fixes:
-
RHACM 2.1.6 images (BZ#1940581)
-
When generating the import cluster string, it can include unescaped characters (BZ#1934184)
-
Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1199-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1199 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
- Description:
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
- openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
- openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm
ppc64: jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcQ4tzjgjWX9erEAQg5Zg/9FciPflU5YnbBIktqUgZAzkgIaZf3cp/A vYQu1D/5oRwfvcdbhtzgYBVB5Ha+Ut1QQRHix/3QkD2v4+pF2eAnfe6TN2ftgKyJ Qw1oOs0HGdUzSkxboZESkTGiSmaCLT7fn7dHvJ1cH0rfQx7ngYRPGLPAbSHqOaQZ gkRYTZGl+jBG/a91XBMoa+QRFT0+yQX4ps2oEGiMWZMIfWOrC4iU9NnudR1CDGE7 SWzDmjAIKP2xjfi6UVwTuuq64ROju9ginT5KPwj42Btfatnj6nTF4CIoWyfBm9LK CLBXeJOfjQUB/vjiTeLh47d1rMt7H5Jjck8imL6nfdAkzG+SKQA3yxjHztdmEFyX aDQR6T5X2lPBPdtHE0qaunS5lb/XRWh7xTQ3k34iTYvIN2wd2KqP78TwXSMEKWlV ddGQul2vakBXn4C2waTvuJE6JvvwS4Q8zQ1plpW1uOuGIRn1XAxJWV+Wkmt5eBg6 AbyXUMM7pLKiUNP1L0k7nKKx5Ta3HlnpvOpXMDlvccxwEAWoVqZ+nrmUe9bG67DK 1yEp/DR/XpKLPjCwBEW+i+nZUSpTyKe3+J962KoSJ/HISVRZaicBmGiQDCKCEbPr hnhoDO+7Y0A1GlmAd3ZkHu+k97louMpIkRsghdZ7el3D1Hx2EhP/HSQqHI5QCyMl qQeHglPylHU=m11c -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pdm",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "9.1.0.7"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "scalance w700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.5"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic logon",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "simatic mv500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp1243-7 lte eu",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.2"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s602",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.24.0"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.13.1"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1k"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "simatic net cp 1543sp-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "sinamics connect 300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "scalance s623",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "simatic net cp1243-7 lte us",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "scalance m-800",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "simatic rf166c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1215 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "ruggedcom rcm1224",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "sma100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.0-17sv"
},
{
"model": "scalance sc-600",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic rf186ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "communications communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "simatic process historian opc ua server",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "simatic rf188ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1545-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic net cp 1543-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "scalance lpe9403",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1243-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "scalance s615",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "simatic cloud connect 7",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "secure backup",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.1.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1215c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s627-2m",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.17.0"
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic cloud connect 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic rf360r",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "tim 1531 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic logon",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.0.2"
},
{
"model": "sinec pni",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr524-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinumerik opc ua server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "tia administrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.14.0"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1214 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql connectors",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0.1.0"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "simatic wincc telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "scalance s612",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xr528-6m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.1"
},
{
"model": "sma100",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.0"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "capture client",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.5"
},
{
"model": "scalance xr552-12",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic pcs 7 telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "scalance xr526-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance w1700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic s7-1200 cpu 1217c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.16.1"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1212fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
}
],
"trust": 0.8
},
"cve": "CVE-2021-3449",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3449",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-388130",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3449",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3449",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-388130",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Description:\n\nWindows Container Support for Red Hat OpenShift allows you to deploy\nWindows container workloads running on Windows Server containers. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jackson-databind: arbitrary code execution in slf4j-ext class\n(CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and\nblaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in\naxis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class\n(CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in\njboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool\n(CVE-2020-35728)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\noadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\n(CVE-2020-36184)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\n(CVE-2020-36185)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource\n(CVE-2020-36186)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource\n(CVE-2020-36187)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource\n(CVE-2020-36188)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc\ne (CVE-2020-36189)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to javax.swing (CVE-2021-20190)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n(CVE-2018-14721)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource\n1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource\n1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool\n1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS\n1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS\n1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS\n1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS\n1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool\n1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\n1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\n1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource\n1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource\n1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource\n1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\n1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing\n1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected\n1950894 - Placeholder bug for OCP 4.6.0 extras release\n\n5. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fixes:\n\n* RHACM 2.1.6 images (BZ#1940581)\n\n* When generating the import cluster string, it can include unescaped\ncharacters (BZ#1934184)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation\n1934184 - When generating the import cluster string, it can include unescaped characters\n1940581 - RHACM 2.1.6 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1199-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1199\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Core Services Pack Apache\nServer 2.4.37 and fix several bugs, and add various enhancements are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing\n(CVE-2021-3449)\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcQ4tzjgjWX9erEAQg5Zg/9FciPflU5YnbBIktqUgZAzkgIaZf3cp/A\nvYQu1D/5oRwfvcdbhtzgYBVB5Ha+Ut1QQRHix/3QkD2v4+pF2eAnfe6TN2ftgKyJ\nQw1oOs0HGdUzSkxboZESkTGiSmaCLT7fn7dHvJ1cH0rfQx7ngYRPGLPAbSHqOaQZ\ngkRYTZGl+jBG/a91XBMoa+QRFT0+yQX4ps2oEGiMWZMIfWOrC4iU9NnudR1CDGE7\nSWzDmjAIKP2xjfi6UVwTuuq64ROju9ginT5KPwj42Btfatnj6nTF4CIoWyfBm9LK\nCLBXeJOfjQUB/vjiTeLh47d1rMt7H5Jjck8imL6nfdAkzG+SKQA3yxjHztdmEFyX\naDQR6T5X2lPBPdtHE0qaunS5lb/XRWh7xTQ3k34iTYvIN2wd2KqP78TwXSMEKWlV\nddGQul2vakBXn4C2waTvuJE6JvvwS4Q8zQ1plpW1uOuGIRn1XAxJWV+Wkmt5eBg6\nAbyXUMM7pLKiUNP1L0k7nKKx5Ta3HlnpvOpXMDlvccxwEAWoVqZ+nrmUe9bG67DK\n1yEp/DR/XpKLPjCwBEW+i+nZUSpTyKe3+J962KoSJ/HISVRZaicBmGiQDCKCEbPr\nhnhoDO+7Y0A1GlmAd3ZkHu+k97louMpIkRsghdZ7el3D1Hx2EhP/HSQqHI5QCyMl\nqQeHglPylHU=m11c\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
},
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3449",
"trust": 1.9
},
{
"db": "TENABLE",
"id": "TNS-2021-06",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-05",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/4",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/1",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-772220",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44845",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10356",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162383",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162337",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162196",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162201",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162189",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161984",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162200",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-99170",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"id": "VAR-202103-1464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
}
],
"trust": 0.69085685
},
"last_update_date": "2024-09-19T22:06:59.925000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
},
{
"trust": 1.1,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-26708"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2130"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1448"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1202"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2021-06-23T15:44:15",
"db": "PACKETSTORM",
"id": "163257"
},
{
"date": "2021-06-23T16:08:25",
"db": "PACKETSTORM",
"id": "163267"
},
{
"date": "2021-06-24T17:54:53",
"db": "PACKETSTORM",
"id": "163276"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-04-29T14:37:49",
"db": "PACKETSTORM",
"id": "162383"
},
{
"date": "2021-04-26T19:21:56",
"db": "PACKETSTORM",
"id": "162337"
},
{
"date": "2021-04-15T13:49:54",
"db": "PACKETSTORM",
"id": "162196"
},
{
"date": "2021-04-15T13:50:39",
"db": "PACKETSTORM",
"id": "162201"
},
{
"date": "2021-03-25T15:15:13.450000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2024-06-21T19:15:19.710000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-2130-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "163257"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
}
],
"trust": 0.3
}
}
var-201902-0620
Vulnerability from variot
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. libcurl Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition.
cURL/libcURL from 7.36.0 through 7.63.0 are vulnerable. Haxx libcurl is a basket of open source client URL transfer libraries from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP.
For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u9.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi RygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7 Hl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp k1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh RFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ cSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z dccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm zXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u rAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2 Hg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB u3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa zi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2019:3701-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3701 Issue date: 2019-11-05 CVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 CVE-2019-3823 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)
-
wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
-
curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
-
curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c 1669156 - connection re-use does not work for SCP and SFTP 1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read 1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow 1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-11.el8.src.rpm
aarch64: curl-7.61.1-11.el8.aarch64.rpm curl-debuginfo-7.61.1-11.el8.aarch64.rpm curl-debugsource-7.61.1-11.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-7.61.1-11.el8.aarch64.rpm libcurl-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-devel-7.61.1-11.el8.aarch64.rpm libcurl-minimal-7.61.1-11.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm
ppc64le: curl-7.61.1-11.el8.ppc64le.rpm curl-debuginfo-7.61.1-11.el8.ppc64le.rpm curl-debugsource-7.61.1-11.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-7.61.1-11.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-devel-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm
s390x: curl-7.61.1-11.el8.s390x.rpm curl-debuginfo-7.61.1-11.el8.s390x.rpm curl-debugsource-7.61.1-11.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-7.61.1-11.el8.s390x.rpm libcurl-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-devel-7.61.1-11.el8.s390x.rpm libcurl-minimal-7.61.1-11.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm
x86_64: curl-7.61.1-11.el8.x86_64.rpm curl-debuginfo-7.61.1-11.el8.i686.rpm curl-debuginfo-7.61.1-11.el8.x86_64.rpm curl-debugsource-7.61.1-11.el8.i686.rpm curl-debugsource-7.61.1-11.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-11.el8.i686.rpm curl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-7.61.1-11.el8.i686.rpm libcurl-7.61.1-11.el8.x86_64.rpm libcurl-debuginfo-7.61.1-11.el8.i686.rpm libcurl-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-devel-7.61.1-11.el8.i686.rpm libcurl-devel-7.61.1-11.el8.x86_64.rpm libcurl-minimal-7.61.1-11.el8.i686.rpm libcurl-minimal-7.61.1-11.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16890 https://access.redhat.com/security/cve/CVE-2018-20483 https://access.redhat.com/security/cve/CVE-2019-3822 https://access.redhat.com/security/cve/CVE-2019-3823 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm jIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j owx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A FfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56 tvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW jlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO I5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2 Rfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq OKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc szJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq l4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0 PK6rxvdCr2I= =8Z+p -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing
- ========================================================================== Ubuntu Security Notice USN-3882-1 February 06, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in curl. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)
Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)
Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. (CVE-2019-3823)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: curl 7.61.0-1ubuntu2.3 libcurl3-gnutls 7.61.0-1ubuntu2.3 libcurl3-nss 7.61.0-1ubuntu2.3 libcurl4 7.61.0-1ubuntu2.3
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.6 libcurl3-gnutls 7.58.0-2ubuntu3.6 libcurl3-nss 7.58.0-2ubuntu3.6 libcurl4 7.58.0-2ubuntu3.6
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.12 libcurl3 7.47.0-1ubuntu2.12 libcurl3-gnutls 7.47.0-1ubuntu2.12 libcurl3-nss 7.47.0-1ubuntu2.12
Ubuntu 14.04 LTS: curl 7.35.0-1ubuntu2.20 libcurl3 7.35.0-1ubuntu2.20 libcurl3-gnutls 7.35.0-1ubuntu2.20 libcurl3-nss 7.35.0-1ubuntu2.20
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. NTLMv2 type-3 header stack buffer overflow. SMTP end-of-response out-of-bounds read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: e57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz
Slackware -current package: 9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz
Slackware x86_64 -current package: 869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.64.0-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0620",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.1"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.36.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "*"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "sinema remote connect client",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.64.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "libcurl",
"scope": "lt",
"trust": 0.8,
"vendor": "haxx",
"version": "7.36.0 thats all 7.64.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "services tools bundle",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.13"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.19"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.18"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.17"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.4"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.6.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.5.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.5.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.4.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.4.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.45"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.6.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.6"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "sinema remote connect client hf1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "curl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64.0"
}
],
"sources": [
{
"db": "BID",
"id": "106947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:haxx:libcurl",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wenxiang Qian of Tencent Blade Team,Siemens ProductCERT reported these vulnerabilities to NCCIC.,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
],
"trust": 0.6
},
"cve": "CVE-2018-16890",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-16890",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-127295",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16890",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-16890",
"impactScore": 2.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16890",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16890",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2018-16890",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-16890",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-122",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-127295",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-16890",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. libcurl Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition. \ncURL/libcURL from 7.36.0 through 7.63.0 are vulnerable. Haxx libcurl is a basket of open source client URL transfer libraries from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi\nRygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7\nHl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp\nk1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh\nRFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ\ncSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z\ndccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm\nzXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u\nrAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2\nHg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB\nu3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa\nzi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security and bug fix update\nAdvisory ID: RHSA-2019:3701-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3701\nIssue date: 2019-11-05\nCVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 \n CVE-2019-3823 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c\n(CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c\n1669156 - connection re-use does not work for SCP and SFTP\n1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read\n1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow\n1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-11.el8.src.rpm\n\naarch64:\ncurl-7.61.1-11.el8.aarch64.rpm\ncurl-debuginfo-7.61.1-11.el8.aarch64.rpm\ncurl-debugsource-7.61.1-11.el8.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-7.61.1-11.el8.aarch64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-devel-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-11.el8.ppc64le.rpm\ncurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\ncurl-debugsource-7.61.1-11.el8.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-7.61.1-11.el8.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-devel-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-11.el8.s390x.rpm\ncurl-debuginfo-7.61.1-11.el8.s390x.rpm\ncurl-debugsource-7.61.1-11.el8.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-7.61.1-11.el8.s390x.rpm\nlibcurl-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-devel-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\n\nx86_64:\ncurl-7.61.1-11.el8.x86_64.rpm\ncurl-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-debuginfo-7.61.1-11.el8.x86_64.rpm\ncurl-debugsource-7.61.1-11.el8.i686.rpm\ncurl-debugsource-7.61.1-11.el8.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-7.61.1-11.el8.i686.rpm\nlibcurl-7.61.1-11.el8.x86_64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-devel-7.61.1-11.el8.i686.rpm\nlibcurl-devel-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16890\nhttps://access.redhat.com/security/cve/CVE-2018-20483\nhttps://access.redhat.com/security/cve/CVE-2019-3822\nhttps://access.redhat.com/security/cve/CVE-2019-3823\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm\njIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j\nowx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A\nFfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56\ntvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW\njlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO\nI5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2\nRfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq\nOKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc\nszJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq\nl4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0\nPK6rxvdCr2I=\n=8Z+p\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. ==========================================================================\nUbuntu Security Notice USN-3882-1\nFebruary 06, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. This issue only\napplied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. (CVE-2019-3823)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.3\n libcurl3-gnutls 7.61.0-1ubuntu2.3\n libcurl3-nss 7.61.0-1ubuntu2.3\n libcurl4 7.61.0-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.6\n libcurl3-gnutls 7.58.0-2ubuntu3.6\n libcurl3-nss 7.58.0-2ubuntu3.6\n libcurl4 7.58.0-2ubuntu3.6\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.12\n libcurl3 7.47.0-1ubuntu2.12\n libcurl3-gnutls 7.47.0-1ubuntu2.12\n libcurl3-nss 7.47.0-1ubuntu2.12\n\nUbuntu 14.04 LTS:\n curl 7.35.0-1ubuntu2.20\n libcurl3 7.35.0-1ubuntu2.20\n libcurl3-gnutls 7.35.0-1ubuntu2.20\n libcurl3-nss 7.35.0-1ubuntu2.20\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. \n NTLMv2 type-3 header stack buffer overflow. \n SMTP end-of-response out-of-bounds read. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz\n\nSlackware x86_64 -current package:\n869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.64.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "BID",
"id": "106947"
},
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16890",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-436177",
"trust": 2.1
},
{
"db": "BID",
"id": "106947",
"trust": 2.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-04",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1084",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0381.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1221",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "151566",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151568",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "155162",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151569",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-127295",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-16890",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "BID",
"id": "106947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"id": "VAR-201902-0620",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
}
],
"trust": 0.81363634
},
"last_update_date": "2024-08-14T12:19:06.978000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4386",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"title": "NTLM type-2 out-of-bounds buffer read",
"trust": 0.8,
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"title": "USN-3882-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"title": "Red Hat: Moderate: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193701 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3882-1"
},
{
"title": "Red Hat: CVE-2018-16890",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-16890"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2018-16890"
},
{
"title": "Arch Linux Advisories: [ASA-201902-9] curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-9"
},
{
"title": "Arch Linux Advisories: [ASA-201902-10] libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-10"
},
{
"title": "Arch Linux Advisories: [ASA-201902-13] lib32-curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-13"
},
{
"title": "Arch Linux Advisories: [ASA-201902-12] lib32-libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-12"
},
{
"title": "Arch Linux Advisories: [ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-11"
},
{
"title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22decc09aeaa3dba577a38ac2ead2bac"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8a056bd2177d12192b11798b7ac3e013"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1162",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1162"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
},
{
"title": "CVE-2018-16890",
"trust": 0.1,
"url": "https://github.com/zjw88282740/CVE-2018-16890 "
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/KorayAgaya/TrivyWeb "
},
{
"title": "cve",
"trust": 0.1,
"url": "https://github.com/michwqy/cve "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Mohzeela/external-secret "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/Vulnerability-Scanner-for-Containers "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
},
{
"problemtype": "CWE-190",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://www.securityfocus.com/bid/106947"
},
{
"trust": 2.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16890"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3701"
},
{
"trust": 2.2,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"trust": 2.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"trust": 2.1,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"trust": 2.1,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"trust": 2.1,
"url": "https://curl.haxx.se/docs/cve-2018-16890.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k03314397?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-04"
},
{
"trust": 0.9,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/b780b30d"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16890"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k03314397?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75218"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10881996"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78786"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876554"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159727/red-hat-security-advisory-2020-4298-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78194"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3822"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3823"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k03314397?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://github.com/zjw88282740/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59578"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.20"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3882-1"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3822"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3823"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "BID",
"id": "106947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "BID",
"id": "106947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-127295"
},
{
"date": "2019-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"date": "2019-02-06T00:00:00",
"db": "BID",
"id": "106947"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"date": "2019-02-07T16:32:00",
"db": "PACKETSTORM",
"id": "151568"
},
{
"date": "2019-11-06T15:57:33",
"db": "PACKETSTORM",
"id": "155162"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2019-02-06T22:35:20",
"db": "PACKETSTORM",
"id": "151566"
},
{
"date": "2019-02-07T16:32:06",
"db": "PACKETSTORM",
"id": "151569"
},
{
"date": "2019-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-122"
},
{
"date": "2019-02-06T20:29:00.243000",
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-127295"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"date": "2019-07-17T08:00:00",
"db": "BID",
"id": "106947"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-122"
},
{
"date": "2023-11-07T02:53:57.803000",
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
],
"trust": 0.6
}
}
var-201607-0653
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'Infrastructure' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0653",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91998"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-810"
},
{
"db": "NVD",
"id": "CVE-2016-5446"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5446",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94265",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5446",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5446",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5446",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-810",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94265",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5446",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94265"
},
{
"db": "VULMON",
"id": "CVE-2016-5446"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-810"
},
{
"db": "NVD",
"id": "CVE-2016-5446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027Multiple\u0027 protocol. The \u0027Infrastructure\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5446"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91998"
},
{
"db": "VULHUB",
"id": "VHN-94265"
},
{
"db": "VULMON",
"id": "CVE-2016-5446"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5446",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "91998",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003874",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-810",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94265",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5446",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94265"
},
{
"db": "VULMON",
"id": "CVE-2016-5446"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91998"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-810"
},
{
"db": "NVD",
"id": "CVE-2016-5446"
}
]
},
"id": "VAR-201607-0653",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94265"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:27:14.533000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite Infrastructure Subcomponent security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63170"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5446"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91998"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5446"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5446"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94265"
},
{
"db": "VULMON",
"id": "CVE-2016-5446"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91998"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-810"
},
{
"db": "NVD",
"id": "CVE-2016-5446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94265"
},
{
"db": "VULMON",
"id": "CVE-2016-5446"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91998"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-810"
},
{
"db": "NVD",
"id": "CVE-2016-5446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94265"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5446"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91998"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-810"
},
{
"date": "2016-07-21T10:15:00.757000",
"db": "NVD",
"id": "CVE-2016-5446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94265"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5446"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91998"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003874"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-810"
},
{
"date": "2017-09-01T01:29:29.413000",
"db": "NVD",
"id": "CVE-2016-5446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91998"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In Infrastructure Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003874"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91998"
}
],
"trust": 0.6
}
}
var-201607-0652
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'Authentication' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0652",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5445",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5445",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94264",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5445",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5445",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5445",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94264",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027Multiple\u0027 protocol. The \u0027Authentication\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5445"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5445",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "91991",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94264",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5445",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"id": "VAR-201607-0652",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94264"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:25:31.689000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63169"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91991"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5445"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5445"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94264"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91991"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"date": "2016-07-21T10:14:59.303000",
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94264"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91991"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"date": "2017-09-01T01:29:29.367000",
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In Authentication Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
}
],
"trust": 0.6
}
}
var-201507-0303
Vulnerability from variot
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. The vulnerability can be exploited over the 'MySQL Protocol' protocol. The 'Server : Security : Privileges' sub component is affected. This vulnerability affects the following supported versions: 5.5.43 and earlier, 5.6.23 and earlier. The database system has the characteristics of high performance, low cost and good reliability. ============================================================================ Ubuntu Security Notice USN-2674-1 July 21, 2015
mysql-5.5, mysql-5.6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in MySQL.
MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: mysql-server-5.6 5.6.25-0ubuntu0.15.04.1
Ubuntu 14.10: mysql-server-5.5 5.5.44-0ubuntu0.14.10.1
Ubuntu 14.04 LTS: mysql-server-5.5 5.5.44-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: mysql-server-5.5 5.5.44-0ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
For the stable distribution (jessie), these problems have been fixed in version 5.5.44-0+deb8u1.
Gentoo Linux Security Advisory GLSA 201610-06
https://security.gentoo.org/
Severity: Normal Title: MySQL and MariaDB: Multiple vulnerabilities Date: October 11, 2016 Bugs: #546724, #555478, #555480, #564170, #564442, #572870, #580832, #580834, #589238, #589346, #593608 ID: 201610-06
Synopsis
Multiple vulnerabilities have been found in MySQL and MariaDB, the worst of which could allow remote attackers to cause a Denial of Service condition or obtain sensitive information. MariaDB is an enhanced, drop-in replacement for MySQL.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/mysql < 5.6.31 >= 5.6.31 2 dev-db/mariadb < 10.0.27 *> 5.5.51 3 dev-db/mariab >= 10.0.27 ------------------------------------------------------------------- 3 affected packages
Description
Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All MySQL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.31"
All MariaDB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.27"
References
[ 1 ] CVE-2015-2582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582 [ 2 ] CVE-2015-2611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611 [ 3 ] CVE-2015-2617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617 [ 4 ] CVE-2015-2620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620 [ 5 ] CVE-2015-2639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639 [ 6 ] CVE-2015-2641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641 [ 7 ] CVE-2015-2643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643 [ 8 ] CVE-2015-2648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648 [ 9 ] CVE-2015-2661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661 [ 10 ] CVE-2015-4737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737 [ 11 ] CVE-2015-4752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752 [ 12 ] CVE-2015-4756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756 [ 13 ] CVE-2015-4757 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757 [ 14 ] CVE-2015-4767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767 [ 15 ] CVE-2015-4769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769 [ 16 ] CVE-2015-4771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771 [ 17 ] CVE-2015-4772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: mariadb security update Advisory ID: RHSA-2015:1665-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1665.html Issue date: 2015-08-24 CVE Names: CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757 =====================================================================
- Summary:
Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)
This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)
These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.
All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015) 1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) 1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015) 1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015) 1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) 1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) 1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015) 1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015) 1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM) 1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015) 1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015) 1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015) 1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015) 1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015) 1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015) 1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: mariadb-5.5.44-1.el7_1.src.rpm
x86_64: mariadb-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-libs-5.5.44-1.el7_1.i686.rpm mariadb-libs-5.5.44-1.el7_1.x86_64.rpm mariadb-server-5.5.44-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: mariadb-bench-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-devel-5.5.44-1.el7_1.i686.rpm mariadb-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-5.5.44-1.el7_1.i686.rpm mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-test-5.5.44-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: mariadb-5.5.44-1.el7_1.src.rpm
x86_64: mariadb-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-libs-5.5.44-1.el7_1.i686.rpm mariadb-libs-5.5.44-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: mariadb-bench-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-devel-5.5.44-1.el7_1.i686.rpm mariadb-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-5.5.44-1.el7_1.i686.rpm mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-server-5.5.44-1.el7_1.x86_64.rpm mariadb-test-5.5.44-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: mariadb-5.5.44-1.el7_1.src.rpm
ppc64: mariadb-5.5.44-1.el7_1.ppc64.rpm mariadb-bench-5.5.44-1.el7_1.ppc64.rpm mariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm mariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm mariadb-devel-5.5.44-1.el7_1.ppc.rpm mariadb-devel-5.5.44-1.el7_1.ppc64.rpm mariadb-libs-5.5.44-1.el7_1.ppc.rpm mariadb-libs-5.5.44-1.el7_1.ppc64.rpm mariadb-server-5.5.44-1.el7_1.ppc64.rpm mariadb-test-5.5.44-1.el7_1.ppc64.rpm
s390x: mariadb-5.5.44-1.el7_1.s390x.rpm mariadb-bench-5.5.44-1.el7_1.s390x.rpm mariadb-debuginfo-5.5.44-1.el7_1.s390.rpm mariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm mariadb-devel-5.5.44-1.el7_1.s390.rpm mariadb-devel-5.5.44-1.el7_1.s390x.rpm mariadb-libs-5.5.44-1.el7_1.s390.rpm mariadb-libs-5.5.44-1.el7_1.s390x.rpm mariadb-server-5.5.44-1.el7_1.s390x.rpm mariadb-test-5.5.44-1.el7_1.s390x.rpm
x86_64: mariadb-5.5.44-1.el7_1.x86_64.rpm mariadb-bench-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-devel-5.5.44-1.el7_1.i686.rpm mariadb-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-libs-5.5.44-1.el7_1.i686.rpm mariadb-libs-5.5.44-1.el7_1.x86_64.rpm mariadb-server-5.5.44-1.el7_1.x86_64.rpm mariadb-test-5.5.44-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: mariadb-5.5.44-1.ael7b_1.src.rpm
ppc64le: mariadb-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-bench-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-devel-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-libs-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-server-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-test-5.5.44-1.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: mariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm mariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm mariadb-embedded-5.5.44-1.el7_1.ppc.rpm mariadb-embedded-5.5.44-1.el7_1.ppc64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.ppc.rpm mariadb-embedded-devel-5.5.44-1.el7_1.ppc64.rpm
s390x: mariadb-debuginfo-5.5.44-1.el7_1.s390.rpm mariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm mariadb-embedded-5.5.44-1.el7_1.s390.rpm mariadb-embedded-5.5.44-1.el7_1.s390x.rpm mariadb-embedded-devel-5.5.44-1.el7_1.s390.rpm mariadb-embedded-devel-5.5.44-1.el7_1.s390x.rpm
x86_64: mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-5.5.44-1.el7_1.i686.rpm mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: mariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-embedded-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-embedded-devel-5.5.44-1.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: mariadb-5.5.44-1.el7_1.src.rpm
x86_64: mariadb-5.5.44-1.el7_1.x86_64.rpm mariadb-bench-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-devel-5.5.44-1.el7_1.i686.rpm mariadb-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-libs-5.5.44-1.el7_1.i686.rpm mariadb-libs-5.5.44-1.el7_1.x86_64.rpm mariadb-server-5.5.44-1.el7_1.x86_64.rpm mariadb-test-5.5.44-1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-5.5.44-1.el7_1.i686.rpm mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0433 https://access.redhat.com/security/cve/CVE-2015-0441 https://access.redhat.com/security/cve/CVE-2015-0499 https://access.redhat.com/security/cve/CVE-2015-0501 https://access.redhat.com/security/cve/CVE-2015-0505 https://access.redhat.com/security/cve/CVE-2015-2568 https://access.redhat.com/security/cve/CVE-2015-2571 https://access.redhat.com/security/cve/CVE-2015-2573 https://access.redhat.com/security/cve/CVE-2015-2582 https://access.redhat.com/security/cve/CVE-2015-2620 https://access.redhat.com/security/cve/CVE-2015-2643 https://access.redhat.com/security/cve/CVE-2015-2648 https://access.redhat.com/security/cve/CVE-2015-3152 https://access.redhat.com/security/cve/CVE-2015-4737 https://access.redhat.com/security/cve/CVE-2015-4752 https://access.redhat.com/security/cve/CVE-2015-4757 https://access.redhat.com/security/updates/classification/#moderate http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV228TXlSAg2UNWIIRAm1mAJ0bzbWNcno0Sy/+xCRBh61u0Og5LQCfYvOB tzK/FpD+vNcUAhqnRuiFgiM= =BpLD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mysql",
"scope": "lte",
"trust": 1.8,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.8,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "5.5.0"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.20"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "5.5.44"
},
{
"model": "junos space",
"scope": "lte",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "mysql ab",
"version": "5.5.9"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "170"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "160"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
}
],
"sources": [
{
"db": "BID",
"id": "75837"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-518"
},
{
"db": "NVD",
"id": "CVE-2015-2620"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "133092"
},
{
"db": "PACKETSTORM",
"id": "133091"
},
{
"db": "PACKETSTORM",
"id": "133232"
},
{
"db": "PACKETSTORM",
"id": "133276"
}
],
"trust": 0.4
},
"cve": "CVE-2015-2620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2620",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2620",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80581",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2620",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2620",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-518",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-80581",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-2620",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80581"
},
{
"db": "VULMON",
"id": "CVE-2015-2620"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-518"
},
{
"db": "NVD",
"id": "CVE-2015-2620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. \nThe vulnerability can be exploited over the \u0027MySQL Protocol\u0027 protocol. The \u0027Server : Security : Privileges\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n5.5.43 and earlier, 5.6.23 and earlier. The database system has the characteristics of high performance, low cost and good reliability. ============================================================================\nUbuntu Security Notice USN-2674-1\nJuly 21, 2015\n\nmysql-5.5, mysql-5.6 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in MySQL. \n\nMySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 14.10. \n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes. \n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n mysql-server-5.6 5.6.25-0ubuntu0.15.04.1\n\nUbuntu 14.10:\n mysql-server-5.5 5.5.44-0ubuntu0.14.10.1\n\nUbuntu 14.04 LTS:\n mysql-server-5.5 5.5.44-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n mysql-server-5.5 5.5.44-0ubuntu0.12.04.1\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.44-0+deb8u1. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201610-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: MySQL and MariaDB: Multiple vulnerabilities\n Date: October 11, 2016\n Bugs: #546724, #555478, #555480, #564170, #564442, #572870,\n #580832, #580834, #589238, #589346, #593608\n ID: 201610-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in MySQL and MariaDB, the\nworst of which could allow remote attackers to cause a Denial of\nService condition or obtain sensitive information. MariaDB is an\nenhanced, drop-in replacement for MySQL. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-db/mysql \u003c 5.6.31 \u003e= 5.6.31\n 2 dev-db/mariadb \u003c 10.0.27 *\u003e 5.5.51\n 3 dev-db/mariab \u003e= 10.0.27\n -------------------------------------------------------------------\n 3 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in MySQL and MariaDB. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll MySQL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/mysql-5.6.31\"\n\nAll MariaDB users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/mariadb-10.0.27\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-2582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582\n[ 2 ] CVE-2015-2611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611\n[ 3 ] CVE-2015-2617\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617\n[ 4 ] CVE-2015-2620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620\n[ 5 ] CVE-2015-2639\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639\n[ 6 ] CVE-2015-2641\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641\n[ 7 ] CVE-2015-2643\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643\n[ 8 ] CVE-2015-2648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648\n[ 9 ] CVE-2015-2661\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661\n[ 10 ] CVE-2015-4737\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737\n[ 11 ] CVE-2015-4752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752\n[ 12 ] CVE-2015-4756\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756\n[ 13 ] CVE-2015-4757\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757\n[ 14 ] CVE-2015-4767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767\n[ 15 ] CVE-2015-4769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769\n[ 16 ] CVE-2015-4771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771\n[ 17 ] CVE-2015-4772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: mariadb security update\nAdvisory ID: RHSA-2015:1665-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1665.html\nIssue date: 2015-08-24\nCVE Names: CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 \n CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 \n CVE-2015-2571 CVE-2015-2573 CVE-2015-2582 \n CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 \n CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 \n CVE-2015-4757 \n=====================================================================\n\n1. Summary:\n\nUpdated mariadb packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. \n\nIt was found that the MySQL client library permitted but did not require\na client to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker\ncould use this flaw to strip the SSL/TLS protection from a connection\nbetween a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server. \nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes. \n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)\n1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)\n1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)\n1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)\n1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)\n1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)\n1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)\n1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)\n1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)\n1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)\n1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)\n1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)\n1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)\n1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)\n1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)\n1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nmariadb-5.5.44-1.el7_1.src.rpm\n\nx86_64:\nmariadb-5.5.44-1.el7_1.x86_64.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.i686.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm\nmariadb-libs-5.5.44-1.el7_1.i686.rpm\nmariadb-libs-5.5.44-1.el7_1.x86_64.rpm\nmariadb-server-5.5.44-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nmariadb-bench-5.5.44-1.el7_1.x86_64.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.i686.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm\nmariadb-devel-5.5.44-1.el7_1.i686.rpm\nmariadb-devel-5.5.44-1.el7_1.x86_64.rpm\nmariadb-embedded-5.5.44-1.el7_1.i686.rpm\nmariadb-embedded-5.5.44-1.el7_1.x86_64.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm\nmariadb-test-5.5.44-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nmariadb-5.5.44-1.el7_1.src.rpm\n\nx86_64:\nmariadb-5.5.44-1.el7_1.x86_64.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.i686.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm\nmariadb-libs-5.5.44-1.el7_1.i686.rpm\nmariadb-libs-5.5.44-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nmariadb-bench-5.5.44-1.el7_1.x86_64.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.i686.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm\nmariadb-devel-5.5.44-1.el7_1.i686.rpm\nmariadb-devel-5.5.44-1.el7_1.x86_64.rpm\nmariadb-embedded-5.5.44-1.el7_1.i686.rpm\nmariadb-embedded-5.5.44-1.el7_1.x86_64.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm\nmariadb-server-5.5.44-1.el7_1.x86_64.rpm\nmariadb-test-5.5.44-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nmariadb-5.5.44-1.el7_1.src.rpm\n\nppc64:\nmariadb-5.5.44-1.el7_1.ppc64.rpm\nmariadb-bench-5.5.44-1.el7_1.ppc64.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm\nmariadb-devel-5.5.44-1.el7_1.ppc.rpm\nmariadb-devel-5.5.44-1.el7_1.ppc64.rpm\nmariadb-libs-5.5.44-1.el7_1.ppc.rpm\nmariadb-libs-5.5.44-1.el7_1.ppc64.rpm\nmariadb-server-5.5.44-1.el7_1.ppc64.rpm\nmariadb-test-5.5.44-1.el7_1.ppc64.rpm\n\ns390x:\nmariadb-5.5.44-1.el7_1.s390x.rpm\nmariadb-bench-5.5.44-1.el7_1.s390x.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.s390.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm\nmariadb-devel-5.5.44-1.el7_1.s390.rpm\nmariadb-devel-5.5.44-1.el7_1.s390x.rpm\nmariadb-libs-5.5.44-1.el7_1.s390.rpm\nmariadb-libs-5.5.44-1.el7_1.s390x.rpm\nmariadb-server-5.5.44-1.el7_1.s390x.rpm\nmariadb-test-5.5.44-1.el7_1.s390x.rpm\n\nx86_64:\nmariadb-5.5.44-1.el7_1.x86_64.rpm\nmariadb-bench-5.5.44-1.el7_1.x86_64.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.i686.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm\nmariadb-devel-5.5.44-1.el7_1.i686.rpm\nmariadb-devel-5.5.44-1.el7_1.x86_64.rpm\nmariadb-libs-5.5.44-1.el7_1.i686.rpm\nmariadb-libs-5.5.44-1.el7_1.x86_64.rpm\nmariadb-server-5.5.44-1.el7_1.x86_64.rpm\nmariadb-test-5.5.44-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nmariadb-5.5.44-1.ael7b_1.src.rpm\n\nppc64le:\nmariadb-5.5.44-1.ael7b_1.ppc64le.rpm\nmariadb-bench-5.5.44-1.ael7b_1.ppc64le.rpm\nmariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm\nmariadb-devel-5.5.44-1.ael7b_1.ppc64le.rpm\nmariadb-libs-5.5.44-1.ael7b_1.ppc64le.rpm\nmariadb-server-5.5.44-1.ael7b_1.ppc64le.rpm\nmariadb-test-5.5.44-1.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nmariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm\nmariadb-embedded-5.5.44-1.el7_1.ppc.rpm\nmariadb-embedded-5.5.44-1.el7_1.ppc64.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.ppc.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.ppc64.rpm\n\ns390x:\nmariadb-debuginfo-5.5.44-1.el7_1.s390.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm\nmariadb-embedded-5.5.44-1.el7_1.s390.rpm\nmariadb-embedded-5.5.44-1.el7_1.s390x.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.s390.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.s390x.rpm\n\nx86_64:\nmariadb-debuginfo-5.5.44-1.el7_1.i686.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm\nmariadb-embedded-5.5.44-1.el7_1.i686.rpm\nmariadb-embedded-5.5.44-1.el7_1.x86_64.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nmariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm\nmariadb-embedded-5.5.44-1.ael7b_1.ppc64le.rpm\nmariadb-embedded-devel-5.5.44-1.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nmariadb-5.5.44-1.el7_1.src.rpm\n\nx86_64:\nmariadb-5.5.44-1.el7_1.x86_64.rpm\nmariadb-bench-5.5.44-1.el7_1.x86_64.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.i686.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm\nmariadb-devel-5.5.44-1.el7_1.i686.rpm\nmariadb-devel-5.5.44-1.el7_1.x86_64.rpm\nmariadb-libs-5.5.44-1.el7_1.i686.rpm\nmariadb-libs-5.5.44-1.el7_1.x86_64.rpm\nmariadb-server-5.5.44-1.el7_1.x86_64.rpm\nmariadb-test-5.5.44-1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nmariadb-debuginfo-5.5.44-1.el7_1.i686.rpm\nmariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm\nmariadb-embedded-5.5.44-1.el7_1.i686.rpm\nmariadb-embedded-5.5.44-1.el7_1.x86_64.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm\nmariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0433\nhttps://access.redhat.com/security/cve/CVE-2015-0441\nhttps://access.redhat.com/security/cve/CVE-2015-0499\nhttps://access.redhat.com/security/cve/CVE-2015-0501\nhttps://access.redhat.com/security/cve/CVE-2015-0505\nhttps://access.redhat.com/security/cve/CVE-2015-2568\nhttps://access.redhat.com/security/cve/CVE-2015-2571\nhttps://access.redhat.com/security/cve/CVE-2015-2573\nhttps://access.redhat.com/security/cve/CVE-2015-2582\nhttps://access.redhat.com/security/cve/CVE-2015-2620\nhttps://access.redhat.com/security/cve/CVE-2015-2643\nhttps://access.redhat.com/security/cve/CVE-2015-2648\nhttps://access.redhat.com/security/cve/CVE-2015-3152\nhttps://access.redhat.com/security/cve/CVE-2015-4737\nhttps://access.redhat.com/security/cve/CVE-2015-4752\nhttps://access.redhat.com/security/cve/CVE-2015-4757\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttps://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV228TXlSAg2UNWIIRAm1mAJ0bzbWNcno0Sy/+xCRBh61u0Og5LQCfYvOB\ntzK/FpD+vNcUAhqnRuiFgiM=\n=BpLD\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2620"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"db": "BID",
"id": "75837"
},
{
"db": "VULHUB",
"id": "VHN-80581"
},
{
"db": "VULMON",
"id": "CVE-2015-2620"
},
{
"db": "PACKETSTORM",
"id": "133092"
},
{
"db": "PACKETSTORM",
"id": "132770"
},
{
"db": "PACKETSTORM",
"id": "133091"
},
{
"db": "PACKETSTORM",
"id": "132744"
},
{
"db": "PACKETSTORM",
"id": "133232"
},
{
"db": "PACKETSTORM",
"id": "139061"
},
{
"db": "PACKETSTORM",
"id": "133276"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2620",
"trust": 3.6
},
{
"db": "BID",
"id": "75837",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1032911",
"trust": 1.8
},
{
"db": "JUNIPER",
"id": "JSA10698",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003712",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-518",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-80581",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2620",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133091",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132744",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133232",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139061",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133276",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80581"
},
{
"db": "VULMON",
"id": "CVE-2015-2620"
},
{
"db": "BID",
"id": "75837"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"db": "PACKETSTORM",
"id": "133092"
},
{
"db": "PACKETSTORM",
"id": "132770"
},
{
"db": "PACKETSTORM",
"id": "133091"
},
{
"db": "PACKETSTORM",
"id": "132744"
},
{
"db": "PACKETSTORM",
"id": "133232"
},
{
"db": "PACKETSTORM",
"id": "139061"
},
{
"db": "PACKETSTORM",
"id": "133276"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-518"
},
{
"db": "NVD",
"id": "CVE-2015-2620"
}
]
},
"id": "VAR-201507-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80581"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T21:38:28.095000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "RHSA-2015:1630",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2015-1630.html"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": "JSA10698",
"trust": 0.8,
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
},
{
"title": "Oracle MySQL Server Server:Security:Privileges Subcomponent security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89460"
},
{
"title": "Red Hat: CVE-2015-2620",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-2620"
},
{
"title": "Debian CVElist Bug Report Logs: mysql-5.5: Multiple security fixes from the July 2015 CPU",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=80ce8a549a7222b391a7db7e578bd59a"
},
{
"title": "Ubuntu Security Notice: mysql-5.5, mysql-5.6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2674-1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2015-2620 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2620"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-518"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 2.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1646.html"
},
{
"trust": 2.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1665.html"
},
{
"trust": 2.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1647.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201610-06"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1629.html"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1630.html"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2674-1"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/75837"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2015/dsa-3308"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1628.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1032911"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2620"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2620"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4737"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2643"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2620"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4752"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2582"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2648"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4757"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2015-2620"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4772"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4771"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4752"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4757"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2661"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-2648"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-2643"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4769"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2641"
},
{
"trust": 0.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#appendixmsql"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2639"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2611"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4737"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4767"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-2582"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2617"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4761"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4756"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4772"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2617"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2641"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2611"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2661"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4769"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4767"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4771"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2639"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4761"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4756"
},
{
"trust": 0.2,
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2571"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2568"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0501"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0441"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2573"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0433"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0501"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0433"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0505"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0441"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2568"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0499"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0505"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0499"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2571"
},
{
"trust": 0.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#appendixmsql"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-3152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3152"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2015-2620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39985"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2674-1/"
},
{
"trust": 0.1,
"url": "https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.44-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.44-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.44-0ubuntu0.14.10.1"
},
{
"trust": 0.1,
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.6/5.6.25-0ubuntu0.15.04.1"
},
{
"trust": 0.1,
"url": "https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4757"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2611"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2641"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4769"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4756"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2617"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2661"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2639"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2620"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2643"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4737"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4752"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80581"
},
{
"db": "VULMON",
"id": "CVE-2015-2620"
},
{
"db": "BID",
"id": "75837"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"db": "PACKETSTORM",
"id": "133092"
},
{
"db": "PACKETSTORM",
"id": "132770"
},
{
"db": "PACKETSTORM",
"id": "133091"
},
{
"db": "PACKETSTORM",
"id": "132744"
},
{
"db": "PACKETSTORM",
"id": "133232"
},
{
"db": "PACKETSTORM",
"id": "139061"
},
{
"db": "PACKETSTORM",
"id": "133276"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-518"
},
{
"db": "NVD",
"id": "CVE-2015-2620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-80581"
},
{
"db": "VULMON",
"id": "CVE-2015-2620"
},
{
"db": "BID",
"id": "75837"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"db": "PACKETSTORM",
"id": "133092"
},
{
"db": "PACKETSTORM",
"id": "132770"
},
{
"db": "PACKETSTORM",
"id": "133091"
},
{
"db": "PACKETSTORM",
"id": "132744"
},
{
"db": "PACKETSTORM",
"id": "133232"
},
{
"db": "PACKETSTORM",
"id": "139061"
},
{
"db": "PACKETSTORM",
"id": "133276"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-518"
},
{
"db": "NVD",
"id": "CVE-2015-2620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-80581"
},
{
"date": "2015-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2620"
},
{
"date": "2015-07-14T00:00:00",
"db": "BID",
"id": "75837"
},
{
"date": "2015-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"date": "2015-08-17T15:38:50",
"db": "PACKETSTORM",
"id": "133092"
},
{
"date": "2015-07-21T23:42:40",
"db": "PACKETSTORM",
"id": "132770"
},
{
"date": "2015-08-17T15:38:38",
"db": "PACKETSTORM",
"id": "133091"
},
{
"date": "2015-07-20T15:45:44",
"db": "PACKETSTORM",
"id": "132744"
},
{
"date": "2015-08-21T16:58:17",
"db": "PACKETSTORM",
"id": "133232"
},
{
"date": "2016-10-12T04:50:26",
"db": "PACKETSTORM",
"id": "139061"
},
{
"date": "2015-08-24T22:05:44",
"db": "PACKETSTORM",
"id": "133276"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-518"
},
{
"date": "2015-07-16T10:59:43.653000",
"db": "NVD",
"id": "CVE-2015-2620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-80581"
},
{
"date": "2022-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2620"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "75837"
},
{
"date": "2015-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003712"
},
{
"date": "2022-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-518"
},
{
"date": "2022-08-29T20:52:50.453000",
"db": "NVD",
"id": "CVE-2015-2620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "139061"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-518"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle MySQL of MySQL Server In Server : Security : Privileges Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003712"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-518"
}
],
"trust": 0.6
}
}
var-201705-3649
Vulnerability from variot
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL There is a service disruption ( crash ) There are vulnerabilities that are put into a state.Service operation interruption ( crash ) There is a possibility of being put into a state. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0d and 1.0.2k are vulnerable. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update Advisory ID: RHSA-2018:2186-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2018:2186 Issue date: 2018-07-12 CVE Names: CVE-2016-2182 CVE-2016-6302 CVE-2016-6306 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 ==================================================================== 1. Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 6 Server - i386, noarch, x86_64
- Description:
This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
-
openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
-
openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
-
openssl: certificate message OOB reads (CVE-2016-6306)
-
openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
-
openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
-
openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
-
openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
-
openssl: Read/write after SSL object in error state (CVE-2017-3737)
-
openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
- JIRA issues fixed (https://issues.jboss.org/):
JBCS-372 - Errata for httpd 2.4.29 GA RHEL 6
- Package List:
Red Hat JBoss Core Services on RHEL 6 Server:
Source: jbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el6.src.rpm jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el6.src.rpm jbcs-httpd24-apr-1.6.3-14.jbcs.el6.src.rpm jbcs-httpd24-apr-util-1.6.1-9.jbcs.el6.src.rpm jbcs-httpd24-httpd-2.4.29-17.jbcs.el6.src.rpm jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el6.src.rpm jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el6.src.rpm jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el6.src.rpm jbcs-httpd24-mod_jk-1.2.43-1.redhat_1.jbcs.el6.src.rpm jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el6.src.rpm jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el6.src.rpm jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el6.src.rpm jbcs-httpd24-openssl-1.0.2n-11.jbcs.el6.src.rpm
i386: jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-apr-1.6.3-14.jbcs.el6.i686.rpm jbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el6.i686.rpm jbcs-httpd24-apr-devel-1.6.3-14.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el6.i686.rpm jbcs-httpd24-httpd-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el6.i686.rpm jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el6.i686.rpm jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_session-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el6.i686.rpm jbcs-httpd24-openssl-1.0.2n-11.jbcs.el6.i686.rpm jbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el6.i686.rpm jbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el6.i686.rpm jbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el6.i686.rpm jbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el6.i686.rpm jbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el6.i686.rpm
noarch: jbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el6.noarch.rpm jbcs-httpd24-httpd-manual-2.4.29-17.jbcs.el6.noarch.rpm
x86_64: jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-1.6.3-14.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-devel-1.6.3-14.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_session-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-1.0.2n-11.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/cve/CVE-2016-7055 https://access.redhat.com/security/cve/CVE-2017-3731 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2017-3737 https://access.redhat.com/security/cve/CVE-2017-3738 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158061 Version: 1
MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-05-09 Last Updated: 2018-05-09
Potential Security Impact: Remote: Disclosure of Information
Source: Micro Focus, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Service Manager. These vulnerabilities have been identified in the OpenSSL open source library component and may be exploited to cause disruption of service and unauthorized disclosure of information.
References:
- CVE-2017-3731
- CVE-2017-3732
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35, v9.40, v9.41, v9.50, v9.51
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
RESOLUTION
MicroFocus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:
For versions 9.30, 9.31, 9.32, 9.33, 9.34.9.35 please upgrade to SM 9.35.P6:
SM9.35 P6 packages, SM 9.35 AIX Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00916
SM 9.35 HP Itanium Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00917
SM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00918
SM 9.35 Linux Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00919
SM 9.35 Solaris Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00920
SM 9.35 Windows Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00921
For version 9.40, 9.41 please upgrade to SM 9.41.P6:
SM9.41.P6 packages, Service Manager 9.41.6000 p6 - Server for AIX http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00891
Service Manager 9.41.6000 p6 - Server for HP-UX/IA http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00892
Service Manager 9.41.6000 p6 - Server for Linux http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00893
Service Manager 9.41.6000 p6 - Server for Solaris http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00894
Service Manager 9.41.6000 p6 - Server for Windows http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00895
For version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:
SM9.52.P2 packages, Service Manager 9.52.2021 p2 - Server for Windows http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00906
Service Manager 9.52.2021 p2 - Server for Linux http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00907
HISTORY Version:1 (rev.1) - 9 May 2018 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com.
Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com
Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability
Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.
3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software
System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2017 EntIT Software LLC
Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJa835FAAoJEHfErXedNUNKuuAH/2T0KwVIuosbbYLqK2+j9XCK m/VzATnAaHyJOTUrjBOsD55FBFHFj7VjGSRUAg+4Yz919LvZhVcgnwB6PfORdNhb JMJoEkNuWfS2DlAT1mPXCyGD+BbQzFSqQma9gTGHSggGQWxUjNNIOC5fZ3kaomh3 nx6E81kdCKmiW/gjWgq/FzITRn3O/P8xjJBCeJuY/kR5lVz0seh2Oi6X5Q+3uFS4 t3DU/1LEqC5HHSJ1JVxpoYIqQ2zTTIm+jKv1/W4zZjHDaTv6vTvoRsbyoQHvt5zx fSyALnnTbXtgz8Furb7YqWpBVQRDhob4wdOOhrREJIHkC6xaCJn9qaHSGQRKM/g= =23tr -----END PGP SIGNATURE----- .
Gentoo Linux Security Advisory GLSA 201702-07
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: February 14, 2017 Bugs: #607318 ID: 201702-07
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2k >= 1.0.2k
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2k"
References
[ 1 ] CVE-2016-7055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055 [ 2 ] CVE-2017-3730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730 [ 3 ] CVE-2017-3731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731 [ 4 ] CVE-2017-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201702-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9--
.
Ubuntu Security Notice USN-3181-1 January 31, 2017
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177)
It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055)
It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056)
Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service. (CVE-2016-8610)
Robert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain truncated packets. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: libssl1.0.0 1.0.2g-1ubuntu9.1
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.6
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.22
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.39
After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [26 Jan 2017] ========================================
Truncated packet could crash via OOB read (CVE-2017-3731)
Severity: Moderate
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.
For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d
For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k
This issue was reported to OpenSSL on 13th November 2016 by Robert Święcki of Google. The fix was developed by Andy Polyakov of the OpenSSL development team.
Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
Severity: Moderate
If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. This means the git commit with the fix does not contain the CVE identifier. The relevant fix commit can be identified by commit hash efbe126e3.
This issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
UPDATE 31 Jan 2017. This is not true.
OpenSSL 1.1.0 users should upgrade to 1.1.0d OpenSSL 1.0.2 users should upgrade to 1.0.2k
This issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team.
Montgomery multiplication may produce incorrect results (CVE-2016-7055)
Severity: Low
This issue was previously fixed in 1.1.0c and covered in security advisory https://www.openssl.org/news/secadv/20161110.txt
OpenSSL 1.0.2 users should upgrade to 1.0.2k
Note
Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20170126.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [27 Mar 2018] ========================================
Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
Severity: Moderate
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Severity: Low
This issue has been reported in a previous OpenSSL security advisory and a fix was provided for OpenSSL 1.0.2.
This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). The issue was originally found via the OSS-Fuzz project
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3649",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2e"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.2.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.8.1"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.9.5"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "5.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "7.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2f"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.7.3"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "7.5.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "5.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0b"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2h"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.9.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0c"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.1.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0a"
},
{
"model": "jp1/automatic job management system 3",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- manager web console"
},
{
"model": "jp1/integrated management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- service support starter edition"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.1.0d"
},
{
"model": "jp1/it desktop management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "2 - operations director"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.1.0"
},
{
"model": "systemdirector enterprise",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all versions"
},
{
"model": "job management partner 1/integrated management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- service support"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation"
},
{
"model": "job management partner 1/it desktop management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "2 - smart device manager"
},
{
"model": "jp1/performance management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- web console"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg all versions"
},
{
"model": "webotx enterprise service bus",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.2k"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "jp1/performance management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- manager"
},
{
"model": "jp1/it desktop management - manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/automatic operation",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "job management partner 1/performance management - web console",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "job management partner 1/it desktop management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "2 - manager"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "jp1/it desktop management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "2 - smart device manager"
},
{
"model": "jp1/integrated management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- service support"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "job management partner 1/integrated management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- service support advanced edition"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "it operations director",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/service support",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "jp1/operations analytics",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/service support",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "starter edition"
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "jp1/it desktop management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "2 - manager"
},
{
"model": "job management partner 1/it desktop management - manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express"
},
{
"model": "esmpro/serveragentservice",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all versions (linux edition )"
},
{
"model": "jp1/performance management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- manager web console"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "webotx portal",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise"
},
{
"model": "jp1/integrated management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- service support advanced edition"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.34"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.32"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.28"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.26"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.22"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0.2"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.17"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.35"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.34"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.33"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1182"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3.2.1162"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3.0.1098"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.1049"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.6.8003"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.5.7958"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.4.7895"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.3.7856"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.3"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.12.3"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10.1"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10"
},
{
"model": "mysql connectors",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.9"
},
{
"model": "mysql connectors",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3.7"
},
{
"model": "jd edwards world security a9.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jd edwards world security a9.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jd edwards world security a9.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jd edwards world security a9.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.7.0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.1.0.0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.5.1.1"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.5.0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller scz7.4.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "communications session border controller scz7.3.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "communications security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.5.2"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.5.1"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.5"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.2"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.4"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1.2"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.5.2"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.5.1"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.5"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.2"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1.2"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.3.0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "project openssl 1.1.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.405"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.404"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.403"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.402"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.401"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.400"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.4"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.3"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.2"
},
{
"model": "email gateway 7.6.405h1165239",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "email gateway 7.6.405h1157986",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.3.2"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.3.1"
},
{
"model": "email gateway 7.6.2h968406",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.1"
},
{
"model": "email gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.9.4.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.7.0.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.6.0.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.7.2.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4.6.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4.5.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4.4.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4.3.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4.2.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4.1.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4.0.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.2.0"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "vm virtualbox",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1.20"
},
{
"model": "vm virtualbox",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.38"
},
{
"model": "explorer",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "8.16"
},
{
"model": "project openssl 1.1.0d",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.2k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "email gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.406-3402.103"
}
],
"sources": [
{
"db": "BID",
"id": "95814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"db": "NVD",
"id": "CVE-2017-3732"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:enterprise_directoryserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:esmpro_serveragent",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:esmpro_serveragentservice",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:express5800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:systemdirector_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:it_operations_director",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:job_management_partner_1_integrated_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_automatic_job_management_system_3",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_automatic_operation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_integrated_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_it_desktop_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_operation_analytics",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_performance_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_service_support",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSS-Fuzz project",
"sources": [
{
"db": "BID",
"id": "95814"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-3732",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-3732",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-3732",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3732",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3732",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2017-3732",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"db": "NVD",
"id": "CVE-2017-3732"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL There is a service disruption ( crash ) There are vulnerabilities that are put into a state.Service operation interruption ( crash ) There is a possibility of being put into a state. OpenSSL is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. \nVersions prior to OpenSSL 1.1.0d and 1.0.2k are vulnerable. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update\nAdvisory ID: RHSA-2018:2186-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2186\nIssue date: 2018-07-12\nCVE Names: CVE-2016-2182 CVE-2016-6302 CVE-2016-6306\n CVE-2016-7055 CVE-2017-3731 CVE-2017-3732\n CVE-2017-3736 CVE-2017-3737 CVE-2017-3738\n====================================================================\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now\navailable for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 6 Server - i386, noarch, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. \n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n(CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks\n(CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication\n(CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306\nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360\nInc.) as the original reporter of CVE-2016-6306. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication\n1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state\n1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-372 - Errata for httpd 2.4.29 GA RHEL 6\n\n7. Package List:\n\nRed Hat JBoss Core Services on RHEL 6 Server:\n\nSource:\njbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el6.src.rpm\njbcs-httpd24-apr-1.6.3-14.jbcs.el6.src.rpm\njbcs-httpd24-apr-util-1.6.1-9.jbcs.el6.src.rpm\njbcs-httpd24-httpd-2.4.29-17.jbcs.el6.src.rpm\njbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el6.src.rpm\njbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el6.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el6.src.rpm\njbcs-httpd24-mod_jk-1.2.43-1.redhat_1.jbcs.el6.src.rpm\njbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el6.src.rpm\njbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el6.src.rpm\njbcs-httpd24-nghttp2-1.29.0-8.jbcs.el6.src.rpm\njbcs-httpd24-openssl-1.0.2n-11.jbcs.el6.src.rpm\n\ni386:\njbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el6.i686.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el6.i686.rpm\njbcs-httpd24-apr-1.6.3-14.jbcs.el6.i686.rpm\njbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el6.i686.rpm\njbcs-httpd24-apr-devel-1.6.3-14.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el6.i686.rpm\njbcs-httpd24-httpd-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el6.i686.rpm\njbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el6.i686.rpm\njbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el6.i686.rpm\njbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el6.i686.rpm\njbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el6.i686.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el6.i686.rpm\njbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el6.i686.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el6.i686.rpm\njbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el6.i686.rpm\njbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el6.i686.rpm\njbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el6.i686.rpm\njbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el6.i686.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el6.i686.rpm\njbcs-httpd24-mod_session-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el6.i686.rpm\njbcs-httpd24-nghttp2-1.29.0-8.jbcs.el6.i686.rpm\njbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el6.i686.rpm\njbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-1.0.2n-11.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el6.i686.rpm\n\nnoarch:\njbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el6.noarch.rpm\njbcs-httpd24-httpd-manual-2.4.29-17.jbcs.el6.noarch.rpm\n\nx86_64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el6.x86_64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-1.6.3-14.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-devel-1.6.3-14.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el6.x86_64.rpm\njbcs-httpd24-httpd-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_session-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el6.x86_64.rpm\njbcs-httpd24-nghttp2-1.29.0-8.jbcs.el6.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el6.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-1.0.2n-11.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/cve/CVE-2016-7055\nhttps://access.redhat.com/security/cve/CVE-2017-3731\nhttps://access.redhat.com/security/cve/CVE-2017-3732\nhttps://access.redhat.com/security/cve/CVE-2017-3736\nhttps://access.redhat.com/security/cve/CVE-2017-3737\nhttps://access.redhat.com/security/cve/CVE-2017-3738\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: KM03158061\nVersion: 1\n\nMFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-05-09\nLast Updated: 2018-05-09\n\nPotential Security Impact: Remote: Disclosure of Information\n\nSource: Micro Focus, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Service Manager. \nThese vulnerabilities have been identified in the OpenSSL open source library\ncomponent and may be exploited to cause disruption of service and\nunauthorized disclosure of information. \n\nReferences:\n\n - CVE-2017-3731\n - CVE-2017-3732\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35,\nv9.40, v9.41, v9.50, v9.51\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n\nRESOLUTION\n\nMicroFocus has made the following mitigation information available to resolve\nthe vulnerability for the impacted versions of Service Manager:\n\nFor versions 9.30, 9.31, 9.32, 9.33, 9.34.9.35 please upgrade to SM 9.35.P6:\n\nSM9.35 P6 packages,\nSM 9.35 AIX Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00916\u003e\n\nSM 9.35 HP Itanium Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00917\u003e\n\nSM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00918\u003e\n\nSM 9.35 Linux Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00919\u003e\n\nSM 9.35 Solaris Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00920\u003e\n\nSM 9.35 Windows Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00921\u003e\n\n\nFor version 9.40, 9.41 please upgrade to SM 9.41.P6:\n\nSM9.41.P6 packages,\nService Manager 9.41.6000 p6 - Server for AIX\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00891\u003e\n\nService Manager 9.41.6000 p6 - Server for HP-UX/IA\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00892\u003e\n\nService Manager 9.41.6000 p6 - Server for Linux\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00893\u003e\n\nService Manager 9.41.6000 p6 - Server for Solaris\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00894\u003e\n\nService Manager 9.41.6000 p6 - Server for Windows\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00895\u003e\n\n\nFor version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:\n\nSM9.52.P2 packages,\nService Manager 9.52.2021 p2 - Server for Windows\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00906\u003e\n\nService Manager 9.52.2021 p2 - Server for Linux\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00907\u003e\n\nHISTORY\nVersion:1 (rev.1) - 9 May 2018 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. \nFor other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com. \n\nReport: To report a potential security vulnerability for any supported product:\n Web form: https://www.microfocus.com/support-and-services/report-security\n Email: security@microfocus.com\n\nSubscribe:\n To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification\n Once you are logged in to the portal, please choose security bulletins under product and document types. \n Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do \n\nSecurity Bulletin Archive:\n A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability\n \nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following Micro Focus Security Bulletin. \n\n3P = 3rd Party Software\nGN = Micro Focus General Software\nMU = Multi-Platform Software\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. \nMicro Focus is continually reviewing and enhancing the security features of software products to provide \ncustomers with current secure solutions. \n\n\"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the \naffected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends \nthat all users determine the applicability of this information to their individual situations and take appropriate action. \nMicro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, \nMicro Focus will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in \nthis Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\" \n\n\nCopyright 2017 EntIT Software LLC\n\nMicro Focus shall not be liable for technical or editorial errors or omissions contained herein. \nThe information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, \nneither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special \nor consequential damages including downtime cost; lost profits; damages relating to the procurement of \nsubstitute products or services; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without notice. Micro Focus and the names of \nMicro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. \nOther product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJa835FAAoJEHfErXedNUNKuuAH/2T0KwVIuosbbYLqK2+j9XCK\nm/VzATnAaHyJOTUrjBOsD55FBFHFj7VjGSRUAg+4Yz919LvZhVcgnwB6PfORdNhb\nJMJoEkNuWfS2DlAT1mPXCyGD+BbQzFSqQma9gTGHSggGQWxUjNNIOC5fZ3kaomh3\nnx6E81kdCKmiW/gjWgq/FzITRn3O/P8xjJBCeJuY/kR5lVz0seh2Oi6X5Q+3uFS4\nt3DU/1LEqC5HHSJ1JVxpoYIqQ2zTTIm+jKv1/W4zZjHDaTv6vTvoRsbyoQHvt5zx\nfSyALnnTbXtgz8Furb7YqWpBVQRDhob4wdOOhrREJIHkC6xaCJn9qaHSGQRKM/g=\n=23tr\n-----END PGP SIGNATURE-----\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201702-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: February 14, 2017\n Bugs: #607318\n ID: 201702-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nmight allow attackers to access sensitive information. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2k \u003e= 1.0.2k\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker is able to crash applications linked against OpenSSL\nor could obtain sensitive private-key information via an attack against\nthe Diffie-Hellman (DH) ciphersuite. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2k\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-7055\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055\n[ 2 ] CVE-2017-3730\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730\n[ 3 ] CVE-2017-3731\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731\n[ 4 ] CVE-2017-3732\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201702-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9--\n\n. \n===========================================================================\nUbuntu Security Notice USN-3181-1\nJanuary 31, 2017\n\nopenssl vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nGuido Vranken discovered that OpenSSL used undefined behaviour when\nperforming pointer arithmetic. This\nissue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other\nreleases were fixed in a previous security update. (CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. \n(CVE-2016-7055)\n\nIt was discovered that OpenSSL did not properly use constant-time\noperations when performing ECDSA P-256 signing. A remote attacker could\npossibly use this issue to perform a timing attack and recover private\nECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2016-7056)\n\nShi Lei discovered that OpenSSL incorrectly handled certain warning alerts. \nA remote attacker could possibly use this issue to cause OpenSSL to stop\nresponding, resulting in a denial of service. (CVE-2016-8610)\n\nRobert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain\ntruncated packets. While unlikely, a remote attacker could possibly use\nthis issue to recover private keys. This issue only applied to Ubuntu 16.04\nLTS, and Ubuntu 16.10. (CVE-2017-3732)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n libssl1.0.0 1.0.2g-1ubuntu9.1\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.6\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.22\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.39\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nOpenSSL Security Advisory [26 Jan 2017]\n========================================\n\nTruncated packet could crash via OOB read (CVE-2017-3731)\n=========================================================\n\nSeverity: Moderate\n\nIf an SSL/TLS server or client is running on a 32-bit host, and a specific\ncipher is being used, then a truncated packet can cause that server or client\nto perform an out-of-bounds read, usually resulting in a crash. \n\nFor OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;\nusers should upgrade to 1.1.0d\n\nFor Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have\nnot disabled that algorithm should update to 1.0.2k\n\nThis issue was reported to OpenSSL on 13th November 2016 by Robert \u015awi\u0119cki of\nGoogle. The fix was developed by Andy Polyakov of the OpenSSL development team. \n\nBad (EC)DHE parameters cause a client crash (CVE-2017-3730)\n===========================================================\n\nSeverity: Moderate\n\nIf a malicious server supplies bad parameters for a DHE or ECDHE key exchange\nthen this can result in the client attempting to dereference a NULL pointer\nleading to a client crash. This could be exploited in a Denial of Service\nattack. This means the git commit with the fix does not contain the CVE\nidentifier. The relevant fix commit can be identified by commit hash efbe126e3. \n\nThis issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nUPDATE 31 Jan 2017. \nThis is not true. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0d\nOpenSSL 1.0.2 users should upgrade to 1.0.2k\n\nThis issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project. \nThe fix was developed by Andy Polyakov of the OpenSSL development team. \n\nMontgomery multiplication may produce incorrect results (CVE-2016-7055)\n=======================================================================\n\nSeverity: Low\n\nThis issue was previously fixed in 1.1.0c and covered in security advisory\nhttps://www.openssl.org/news/secadv/20161110.txt\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2k\n\n\nNote\n====\n\nSupport for version 1.0.1 ended on 31st December 2016. Support for versions\n0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer\nreceiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20170126.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. \nOpenSSL Security Advisory [27 Mar 2018]\n========================================\n\nConstructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)\n==========================================================================================\n\nSeverity: Moderate\n\nConstructed ASN.1 types with a recursive definition (such as can be found in\nPKCS7) could eventually exceed the stack given malicious input with\nexcessive recursion. There are\nno such structures used within SSL/TLS that come from untrusted sources so this\nis considered safe. \nThis allows an attacker to forge messages that would be considered as\nauthenticated in an amount of tries lower than that guaranteed by the security\nclaims of the scheme. The module can only be compiled by the HP-UX assembler, so\nthat only HP-UX PA-RISC targets are affected. \n\nrsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n=========================================================\n\nSeverity: Low\n\nThis issue has been reported in a previous OpenSSL security advisory and a fix\nwas provided for OpenSSL 1.0.2. \n\nThis only affects processors that support the AVX2 but not ADX extensions\nlike Intel Haswell (4th generation). The issue was originally found via the OSS-Fuzz project",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"db": "BID",
"id": "95814"
},
{
"db": "VULMON",
"id": "CVE-2017-3732"
},
{
"db": "PACKETSTORM",
"id": "148521"
},
{
"db": "PACKETSTORM",
"id": "148525"
},
{
"db": "PACKETSTORM",
"id": "147577"
},
{
"db": "PACKETSTORM",
"id": "141088"
},
{
"db": "PACKETSTORM",
"id": "140850"
},
{
"db": "PACKETSTORM",
"id": "169650"
},
{
"db": "PACKETSTORM",
"id": "169626"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3732",
"trust": 2.9
},
{
"db": "BID",
"id": "95814",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1037717",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2017-04",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92830136",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003156",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2017-3732",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148521",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148525",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147577",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140850",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169626",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3732"
},
{
"db": "BID",
"id": "95814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"db": "PACKETSTORM",
"id": "148521"
},
{
"db": "PACKETSTORM",
"id": "148525"
},
{
"db": "PACKETSTORM",
"id": "147577"
},
{
"db": "PACKETSTORM",
"id": "141088"
},
{
"db": "PACKETSTORM",
"id": "140850"
},
{
"db": "PACKETSTORM",
"id": "169650"
},
{
"db": "PACKETSTORM",
"id": "169626"
},
{
"db": "NVD",
"id": "CVE-2017-3732"
}
]
},
"id": "VAR-201705-3649",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.206875005
},
"last_update_date": "2024-09-18T22:13:39.357000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2018-103",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-103/index.html"
},
{
"title": "hitachi-sec-2017-115",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-115/index.html"
},
{
"title": "NV17-011",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-011.html"
},
{
"title": "BN_mod_exp may produce incorrect results on x86_64",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"title": "hitachi-sec-2018-103",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-103/index.html"
},
{
"title": "hitachi-sec-2017-115",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-115/index.html"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/01/31/openssl_patches/"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182185 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182575 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182186 - Security Advisory"
},
{
"title": "Red Hat: Moderate: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182713 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182568 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182187 - Security Advisory"
},
{
"title": "Red Hat: CVE-2017-3732",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-3732"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-3732"
},
{
"title": "IBM: Security Bulletin: OpenSSL vulnerabilites impacting IBM Aspera Connect 3.7.4 and earlier (CVE-2017-3732, CVE-2016-7055)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=030cb7ac9266aec85453c1d2339fbc00"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3181-1"
},
{
"title": "Arch Linux Advisories: [ASA-201701-37] openssl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201701-37"
},
{
"title": "Huawei Security Advisories: Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=1181e052a6a83786d4182d45ddb56d5d"
},
{
"title": "Symantec Security Advisories: SA141 : OpenSSL Vulnerabilities 26-Jan-2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=117bc0d26e74d755d85acf15af842eaf"
},
{
"title": "Arch Linux Advisories: [ASA-201701-36] lib32-openssl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201701-36"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3d9ab13c871ea2142681c7977b25c5ff"
},
{
"title": "IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU \u2013 Jul 2018 \u2013 Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=af4ddb95056d65a4af347aec0f652f0e"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170130-openssl"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=62ef85c9034c17315b7d0a712483c5ea"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=03b0267d78cd8ac1bbb43afc737474f0"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=63bbfc68418161b36080acd59a541d45"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=42a34f9348fc5f34065c6d25764eb2a2"
},
{
"title": "Debian CVElist Bug Report Logs: Security fixes from the July 2017 CPU",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=adc1e0c986afd5f2f3b0797ba936d072"
},
{
"title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
},
{
"title": "Forcepoint Security Advisories: CVE-2017-3730, -3731, -3732 OpenSSL Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=16a227df38f44014c9520f3b6cb5344e"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "Tenable Security Advisories: [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2017-04"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dd8c9d5928cc3b1ac8c35b4b24703e38"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=525e4e31765e47b9e53b24e880af9d6e"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"db": "NVD",
"id": "CVE-2017-3732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.2,
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2187"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2186"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95814"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037717"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-17:02.openssl.asc"
},
{
"trust": 1.1,
"url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2185"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03838en_us"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2568"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2575"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:2713"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3732"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92830136/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/secadv/20170126.txt "
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21999842"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10731657"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3731"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6306"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3738"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3732"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-2182"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-7055"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6302"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3736"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3730"
},
{
"trust": 0.2,
"url": "https://www.openssl.org/policies/secpolicy.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3181-1/"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://www.microfocus.com/support-and-services/report-security"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification"
},
{
"trust": 0.1,
"url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do"
},
{
"trust": 0.1,
"url": "http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/km03158061"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/security-vulnerability"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3732"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3731"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3730"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7055"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3181-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv/20161110.txt"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv/20180327.txt"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0733"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3732"
},
{
"db": "BID",
"id": "95814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"db": "PACKETSTORM",
"id": "148521"
},
{
"db": "PACKETSTORM",
"id": "148525"
},
{
"db": "PACKETSTORM",
"id": "147577"
},
{
"db": "PACKETSTORM",
"id": "141088"
},
{
"db": "PACKETSTORM",
"id": "140850"
},
{
"db": "PACKETSTORM",
"id": "169650"
},
{
"db": "PACKETSTORM",
"id": "169626"
},
{
"db": "NVD",
"id": "CVE-2017-3732"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2017-3732"
},
{
"db": "BID",
"id": "95814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"db": "PACKETSTORM",
"id": "148521"
},
{
"db": "PACKETSTORM",
"id": "148525"
},
{
"db": "PACKETSTORM",
"id": "147577"
},
{
"db": "PACKETSTORM",
"id": "141088"
},
{
"db": "PACKETSTORM",
"id": "140850"
},
{
"db": "PACKETSTORM",
"id": "169650"
},
{
"db": "PACKETSTORM",
"id": "169626"
},
{
"db": "NVD",
"id": "CVE-2017-3732"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3732"
},
{
"date": "2017-01-26T00:00:00",
"db": "BID",
"id": "95814"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"date": "2018-07-12T21:45:18",
"db": "PACKETSTORM",
"id": "148521"
},
{
"date": "2018-07-12T21:48:57",
"db": "PACKETSTORM",
"id": "148525"
},
{
"date": "2018-05-10T10:11:22",
"db": "PACKETSTORM",
"id": "147577"
},
{
"date": "2017-02-14T17:07:17",
"db": "PACKETSTORM",
"id": "141088"
},
{
"date": "2017-02-01T00:36:45",
"db": "PACKETSTORM",
"id": "140850"
},
{
"date": "2017-01-26T12:12:12",
"db": "PACKETSTORM",
"id": "169650"
},
{
"date": "2018-03-27T12:12:12",
"db": "PACKETSTORM",
"id": "169626"
},
{
"date": "2017-05-04T19:29:00.400000",
"db": "NVD",
"id": "CVE-2017-3732"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3732"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "95814"
},
{
"date": "2018-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003156"
},
{
"date": "2022-08-29T20:43:33.220000",
"db": "NVD",
"id": "CVE-2017-3732"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "95814"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003156"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "95814"
}
],
"trust": 0.3
}
}
var-202109-1795
Vulnerability from variot
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A use-after-free security issue has been found in the MQTT sending component of curl prior to 7.79.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5079-3 September 21, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
USN-5079-1 introduced a regression in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem.
We apologize for the inconvenience. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.16 libcurl3-gnutls 7.58.0-2ubuntu3.16 libcurl3-nss 7.58.0-2ubuntu3.16 libcurl4 7.58.0-2ubuntu3.16
In general, a standard system update will make all the necessary changes. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01
https://security.gentoo.org/
Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01
Synopsis
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1795",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "sinec ins",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "libcurl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.78.0"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.73.0"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.26"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.35"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22945"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "164171"
},
{
"db": "PACKETSTORM",
"id": "164220"
}
],
"trust": 0.2
},
"cve": "CVE-2021-22945",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22945",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381419",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22945",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22945",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-998",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-381419",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381419"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-998"
},
{
"db": "NVD",
"id": "CVE-2021-22945"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A use-after-free security issue has been found in the MQTT sending component of curl prior to 7.79.0. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5079-3\nSeptember 21, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5079-1 introduced a regression in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nUSN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a\nregression on Ubuntu 18.04 LTS. This update fixes the problem. \n\nWe apologize for the inconvenience. A remote attacker could use this issue to cause curl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2021-22945)\n Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. \n When receiving certain responses from servers, curl would continue without\n TLS even when the option to require a successful upgrade to TLS was\n specified. (CVE-2021-22946)\n Patrick Monnerat discovered that curl incorrectly handled responses\n received before STARTTLS. A remote attacker could possibly use this issue\n to inject responses and intercept communications. (CVE-2021-22947)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.16\n libcurl3-gnutls 7.58.0-2ubuntu3.16\n libcurl3-nss 7.58.0-2ubuntu3.16\n libcurl4 7.58.0-2ubuntu3.16\n\nIn general, a standard system update will make all the necessary changes. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: curl: Multiple Vulnerabilities\n Date: December 19, 2022\n Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.86.0 \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22945"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381419"
},
{
"db": "VULMON",
"id": "CVE-2021-22945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "164171"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22945",
"trust": 2.3
},
{
"db": "HACKERONE",
"id": "1269242",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164171",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164220",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3022",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3146",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091715",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042569",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091514",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091601",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062007",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-998",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381419",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22945",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381419"
},
{
"db": "VULMON",
"id": "CVE-2021-22945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "164171"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-998"
},
{
"db": "NVD",
"id": "CVE-2021-22945"
}
]
},
"id": "VAR-202109-1795",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381419"
}
],
"trust": 0.30766129
},
"last_update_date": "2024-08-14T13:11:48.112000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Haxx libcurl Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=164671"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22945 log"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22945"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-998"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381419"
},
{
"db": "NVD",
"id": "CVE-2021-22945"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.7,
"url": "https://hackerone.com/reports/1269242"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libcurl-reuse-after-free-via-mqtt-sending-36417"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-22945"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6495403"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170303/gentoo-linux-security-advisory-202212-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042569"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164220/ubuntu-security-notice-usn-5079-3.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091601"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062007"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091514"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091715"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3022"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164171/ubuntu-security-notice-usn-5079-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5079-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2021/q3/166"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.15"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5079-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1944120"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381419"
},
{
"db": "VULMON",
"id": "CVE-2021-22945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "164171"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-998"
},
{
"db": "NVD",
"id": "CVE-2021-22945"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381419"
},
{
"db": "VULMON",
"id": "CVE-2021-22945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "164171"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-998"
},
{
"db": "NVD",
"id": "CVE-2021-22945"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-381419"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2021-09-15T15:27:42",
"db": "PACKETSTORM",
"id": "164171"
},
{
"date": "2021-09-21T15:39:10",
"db": "PACKETSTORM",
"id": "164220"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2022-12-19T13:48:31",
"db": "PACKETSTORM",
"id": "170303"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-998"
},
{
"date": "2021-09-23T13:15:08.690000",
"db": "NVD",
"id": "CVE-2021-22945"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-381419"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-998"
},
{
"date": "2024-03-27T15:04:30.460000",
"db": "NVD",
"id": "CVE-2021-22945"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164171"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-998"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pillow Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201501-0442
Vulnerability from variot
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. OpenSSL is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-3570]
III. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of the session. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04604357
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04604357 Version: 1
HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-03-19 Last Updated: 2015-03-19
Potential Security Impact: Remote disclosure of information, unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:
The SSL vulnerability known as "FREAK", which could be exploited remotely to allow disclosure of information. Other vulnerabilities which could be exploited remotely resulting in unauthorized access.
References:
CVE-2014-3570 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 SSRT101987
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. CVE-2014-3572 and CVE-2015-0204
HP IceWall MCRP Version 2.1 and 3.0
HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0
HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version
10.0 HP IceWall Federation Agent Version 3.0
CVE-2014-3570 and CVE-2014-8275
HP IceWall MCRP v2.1, v3.0
HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0
HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates and workaround instructions to resolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to the OpenSSL library bundled with the OS, and then follow the instructions in step 3.
Documents are available at the following location with instructions to
switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,
and SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please download the updated OpenSSL at the following location:
http://www.hp.com/jp/icewall_patchaccess
3. For HP IceWall products running on RHEL and are using the OS bundled
OpenSSL, RHEL has provided patch or mitigation instructions at the following location:
https://access.redhat.com/articles/1369543
Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch
for OpenSSL from the following location:
https://access.redhat.com/security/cve/CVE-2014-8275
4. For IceWall products running on HP-UX which are using the OS bundled
OpenSSL, please apply the HP-UX OpenSSL update from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ
ctNumber=OPENSSL11I
WORKAROUND INSTRUCTIONS
HP recommends the following information to protect against potential risk from CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products.
HP IceWall SSO Dfw and MCRP
- If possible, do not use the SHOST setting which allows IceWall SSO
Dfw or MCRP to use SSL/TLS protocol to back-end web servers.
- If possible, do not use EXPORT-grade ciphers on the back-end web
servers.
HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch
release 2)
- If possible, do not use the LDAPSSL setting which allows IceWall SSO
Certd to connect to the LDAP server using SSL/TLS protocol.
- If possible, do not use EXPORT-grade ciphers on the LDAP server.
IceWall Federation Agent
- If possible, use "bindings:HTTP-POST" instead of
"bindings:HTTP-Artifact" setting in the service provider meta file. The "bindings:HTTP-POST" setting would disable IWFA to use SSL for communicating with IdP server.
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 19 March 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. This could lead to a Denial Of Service attack (CVE-2014-3571).
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0442",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "powerlinux 7r2",
"scope": "eq",
"trust": 1.2,
"vendor": "ibm",
"version": "0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zc"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7200"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7700"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7800"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7100"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.1"
},
{
"model": "sparc enterprise m3000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.3"
},
{
"model": "ip38x/fw120",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rev.11.03.08 before"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "sparc enterprise m5000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "agent 8.0"
},
{
"model": "sparc enterprise m9000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.2"
},
{
"model": "xcp",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "2260"
},
{
"model": "sparc enterprise m4000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 5.0"
},
{
"model": "ip38x/sr100",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.63"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle mobile security suite mss 3.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.71"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "agent 8.0 2007 update release 2"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r3"
},
{
"model": "ip38x/3000",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0p"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r2"
},
{
"model": "ip38x/58i",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "hp icewall mcrp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "3.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "ip38x/1200",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.1"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "5.6.22 and earlier"
},
{
"model": "ip38x/3500",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.4"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.4"
},
{
"model": "ip38x/n500",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r1"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.2"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 10.0"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.3"
},
{
"model": "ip38x/1210",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "xcp",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1120"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 5.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1k"
},
{
"model": "hp icewall mcrp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "2.1"
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(fujitsu m10-1/m10-4/m10-4s server )"
},
{
"model": "sparc enterprise m8000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "ip38x/5000",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.1"
},
{
"model": "ip38x/810",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rev.11.01.21 before"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7400"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "5200"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "5700"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7300"
},
{
"model": "powerlinux 7r1",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7600"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "bladecenter advanced management module 25r5778",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "power system s822",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "es750",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1948"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "783.00"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205635"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.80"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flex system p270 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7954-24x)0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "6"
},
{
"model": "power systems e870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.50"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355042540"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.1"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "packetshaper s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "11.0"
},
{
"model": "one-x client enablement services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "cms",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "17.0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "flex system p260 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-23x)0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "junos os 13.3r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "tivoli netcool/reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.5"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.70"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.21"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.4"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355041980"
},
{
"model": "power systems 350.c0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "workflow for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5750"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "7"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "policycenter",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.2"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "power system s814",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "cacheflow",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.2"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.21"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.6.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "10.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.40"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.b1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.12"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.e0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.21"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "alienvault",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15.1"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8720"
},
{
"model": "es1500",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "power systems 350.e1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.00"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.13"
},
{
"model": "project openssl 1.0.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079450"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8886"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "aura communication manager ssp04",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "power systems 350.a0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.5"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bcaaa",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "upward integration modules hardware management pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7967"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "content analysis system",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2"
},
{
"model": "one-x client enablement services sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.00"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.02"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.22"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "norman shark scada protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "820.03"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8852"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8750"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.1"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205577"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "10g vfsm for bladecenter",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.6.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571451.43"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365042550"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571910"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.16"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.81"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.00"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos os 12.3r10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.11"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "cacheflow",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.3"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.8"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571480"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.6"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.50"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "cms r17 r4",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "proxysg sgos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.5"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073800"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.60"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1881"
},
{
"model": "powerlinux 7r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "norman shark network protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "proxysg sgos",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.5.6.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere master data management patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "power systems 350.b0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system idataplex dx360 m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63910"
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "management center",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "bcaaa",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.5"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "power ese",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "aura utility services sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571460"
},
{
"model": "sametime community server hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571431.43"
},
{
"model": "as infinity",
"scope": "ne",
"trust": 0.3,
"vendor": "pexip",
"version": "8.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "820.02"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.00"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.11"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1.7"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli workload scheduler for applications fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "linux enterprise server for vmware sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7779"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "sametime community server limited use",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "flex system p260 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-22x)0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571470"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12.1"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "52056340"
},
{
"model": "ctpos 7.0r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "power system s824l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365041990"
},
{
"model": "system m4 hd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "flex system interconnect fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.80"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.30"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "infosphere master data management provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "560"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "10g vfsm for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "norman shark industrial control system protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "power 795",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "management center",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.3"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.51"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571430"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73210"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.21"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "1:10g switch for bladecenter",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.10.0"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power system s822l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571450"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5504667"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.10"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205587"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1.1"
},
{
"model": "project openssl 0.9.8zd",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63800"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "ringmaster appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.60"
},
{
"model": "director",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.19"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "ctpview 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.41"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bladecenter js22",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7998-61x)0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vgw",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.20"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.32"
},
{
"model": "1:10g switch for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.15"
},
{
"model": "upward integration modules hardware management pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "openssh for gpfs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "src series",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079460"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "packetshaper s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "11.2"
},
{
"model": "upward integration modules integrated installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079440"
},
{
"model": "bladecenter js23",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7778-23x)0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "3"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571920"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079470"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "52056330"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571490"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "1:10g switch for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.80"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "bladecenter js43 with feature code",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7778-23x8446)0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "aura application server sip core pb3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.51"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x330073820"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "2"
},
{
"model": "power system s824",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "ctp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7500"
},
{
"model": "packetshaper s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "11.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "power systems e880",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "management center",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.0"
},
{
"model": "proxysg sgos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "ctpos 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "flex system p460 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-42x)0"
},
{
"model": "content analysis system",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "screenos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "bladecenter t advanced management module 32r0835",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.10"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8734-"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "cacheflow",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "2.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.61"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.20"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.90"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.02"
},
{
"model": "bladecenter js12 express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7998-60x)0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8730"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "tivoli workload scheduler for applications fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.50"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7989"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.20"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.11"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "flex system p24l compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8740"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "aura application server sip core pb5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "power system s812l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.10"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "pulse secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8731-"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "783.01"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73230"
},
{
"model": "management center",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.1"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "aura conferencing sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363073770"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.10"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "flex system interconnect fabric",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1.0.9"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"model": "aura application server sip core sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "8"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "cms r16",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "aura system manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.20"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.01"
},
{
"model": "power systems 350.d0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1886"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.40"
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "74.90"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "director",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.40"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "flex system p260 compute node /fc efd9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.0"
},
{
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5950"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "junos os 12.3x48-d10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8677"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.2"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054540"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "ctpos 6.6r5",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "proxysg sgos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 13.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.01"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.52"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "550"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350078390"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "management center",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.3.2.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5504965"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "aura conferencing sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.70"
},
{
"model": "content analysis system",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2.3.1"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura messaging sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.31"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "flex system p460 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-43x)0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79190"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.00"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "tivoli provisioning manager for images system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.0"
},
{
"model": "project openssl 0.9.8u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
}
],
"sources": [
{
"db": "BID",
"id": "71935"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-170"
},
{
"db": "NVD",
"id": "CVE-2014-8275"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_core_session_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:virtualization_secure_global_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m3000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m4000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m5000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m8000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m9000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:xcp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:icewall_mcrp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:icewall_sso",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:thinpro_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_107e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1210",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_3500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_5000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_58i",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_810",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_fw120",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_n500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_sr100",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "130985"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130545"
}
],
"trust": 0.6
},
"cve": "CVE-2014-8275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8275",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8275",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8275",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-170",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-8275",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-8275"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-170"
},
{
"db": "NVD",
"id": "CVE-2014-8275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate\u0027s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. OpenSSL is prone to a local security-bypass vulnerability. \nLocal attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-3570]\n\nIII. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session. This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare. [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate\u0027s fingerprint. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04604357\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04604357\nVersion: 1\n\nHPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent\nrunning OpenSSL, Remote Disclosure of Information, Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-19\nLast Updated: 2015-03-19\n\nPotential Security Impact: Remote disclosure of information, unauthorized\naccess\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP IceWall SSO\nDfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:\n\nThe SSL vulnerability known as \"FREAK\", which could be exploited remotely to\nallow disclosure of information. \nOther vulnerabilities which could be exploited remotely resulting in\nunauthorized access. \n\nReferences:\n\nCVE-2014-3570\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nSSRT101987\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n CVE-2014-3572 and CVE-2015-0204\n\n HP IceWall MCRP Version 2.1 and 3.0\n HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0\n HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version\n10.0\n HP IceWall Federation Agent Version 3.0\n\n CVE-2014-3570 and CVE-2014-8275\n\n HP IceWall MCRP v2.1, v3.0\n HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0\n HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\n HP recommends the following software updates and workaround instructions to\nresolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and\nFederation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please switch to\nthe OpenSSL library bundled with the OS, and then follow the instructions in\nstep 3. \n\n Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,\nand SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please\ndownload the updated OpenSSL at the following location:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 3. For HP IceWall products running on RHEL and are using the OS bundled\nOpenSSL, RHEL has provided patch or mitigation instructions at the following\nlocation:\n\n https://access.redhat.com/articles/1369543\n\n Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch\nfor OpenSSL from the following location:\n\n https://access.redhat.com/security/cve/CVE-2014-8275\n\n 4. For IceWall products running on HP-UX which are using the OS bundled\nOpenSSL, please apply the HP-UX OpenSSL update from the following location:\n\n https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ\nctNumber=OPENSSL11I\n\nWORKAROUND INSTRUCTIONS\n\n HP recommends the following information to protect against potential risk\nfrom CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products. \n\n HP IceWall SSO Dfw and MCRP\n\n - If possible, do not use the SHOST setting which allows IceWall SSO\nDfw or MCRP to use SSL/TLS protocol to back-end web servers. \n\n - If possible, do not use EXPORT-grade ciphers on the back-end web\nservers. \n\n HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch\nrelease 2)\n\n - If possible, do not use the LDAPSSL setting which allows IceWall SSO\nCertd to connect to the LDAP server using SSL/TLS protocol. \n\n - If possible, do not use EXPORT-grade ciphers on the LDAP server. \n\n IceWall Federation Agent\n\n - If possible, use \"bindings:HTTP-POST\" instead of\n\"bindings:HTTP-Artifact\" setting in the service provider meta file. The\n\"bindings:HTTP-POST\" setting would disable IWFA to use SSL for communicating\nwith IdP server. \n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 19 March 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. This could lead to a Denial\n Of Service attack (CVE-2014-3571). \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL\u0027s BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user\u0027s client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8275"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"db": "BID",
"id": "71935"
},
{
"db": "VULMON",
"id": "CVE-2014-8275"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "130985"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8275",
"trust": 3.7
},
{
"db": "JUNIPER",
"id": "JSA10679",
"trust": 1.4
},
{
"db": "BID",
"id": "71935",
"trust": 1.4
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU98974537",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91828320",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007554",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4252",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-170",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-8275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130985",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133316",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130051",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130545",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-8275"
},
{
"db": "BID",
"id": "71935"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "130985"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-170"
},
{
"db": "NVD",
"id": "CVE-2014-8275"
}
]
},
"id": "VAR-201501-0442",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35468420666666667
},
"last_update_date": "2024-09-17T21:04:42.911000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT204659"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT204659"
},
{
"title": "cisco-sa-20150310-ssl",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
},
{
"title": "use correct function name",
"trust": 0.8,
"url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b"
},
{
"title": "Fix various certificate fingerprint issues.",
"trust": 0.8,
"url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e"
},
{
"title": "HPSBHF03289",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04602055"
},
{
"title": "HPSBUX03244 SSRT101885",
"trust": 0.8,
"url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04556853\u0026lang=en\u0026cc=us"
},
{
"title": "HPSBGN03299",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04604357"
},
{
"title": "NV15-017",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
},
{
"title": "Certificate fingerprints can be modified (CVE-2014-8275)",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
},
{
"title": "Oracle Third Party Bulletin - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"title": "RHSA-2015:0066",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2015-0066.html"
},
{
"title": "RHSA-2015:0800",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
},
{
"title": "October 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "cisco-sa-20150310-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
},
{
"title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20150327b.html"
},
{
"title": "TLSA-2015-2",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2015/TLSA-2015-2j.html"
},
{
"title": "openssl-1.0.1k.tar.gz",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53191"
},
{
"title": "openssl-1.0.0p",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53190"
},
{
"title": "openssl-0.9.8zd",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53189"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150066 - Security Advisory"
},
{
"title": "Red Hat: CVE-2014-8275",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-8275"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2459-1"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-04"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "JPN_RIC13351-2",
"trust": 0.1,
"url": "https://github.com/neominds/JPN_RIC13351-2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-8275"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-170"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"db": "NVD",
"id": "CVE-2014-8275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.4,
"url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b"
},
{
"trust": 1.4,
"url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.4,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/71935"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98974537/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91828320/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8275"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.6,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.6,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4252/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-8275"
},
{
"trust": 0.3,
"url": "https://github.com/openssl/openssl/commit/ec2fede9467ae1a65f452d3a39f7fbc4891d9285"
},
{
"trust": 0.3,
"url": "https://github.com/openssl/openssl/commit/a8565530e27718760220df469f0a071c85b9e731"
},
{
"trust": 0.3,
"url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
},
{
"trust": 0.3,
"url": "http://www.openssl.org"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/160"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101010782"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
},
{
"trust": 0.3,
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101008182"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101011698"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html#2014-3571"
},
{
"trust": 0.3,
"url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2459-1/"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20150108.txt\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc"
},
{
"trust": 0.1,
"url": "http://www.hp.com/jp/icewall_patchaccess"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/1369543"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayinstallinfo.do?produ"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/smh"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-8275"
},
{
"db": "BID",
"id": "71935"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "130985"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-170"
},
{
"db": "NVD",
"id": "CVE-2014-8275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-8275"
},
{
"db": "BID",
"id": "71935"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "130985"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-170"
},
{
"db": "NVD",
"id": "CVE-2014-8275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8275"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71935"
},
{
"date": "2015-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"date": "2015-08-26T01:33:25",
"db": "PACKETSTORM",
"id": "133318"
},
{
"date": "2015-08-26T01:33:18",
"db": "PACKETSTORM",
"id": "133317"
},
{
"date": "2015-01-15T16:53:07",
"db": "PACKETSTORM",
"id": "129973"
},
{
"date": "2015-03-24T17:03:36",
"db": "PACKETSTORM",
"id": "130985"
},
{
"date": "2015-08-26T01:33:07",
"db": "PACKETSTORM",
"id": "133316"
},
{
"date": "2015-01-09T17:43:35",
"db": "PACKETSTORM",
"id": "129870"
},
{
"date": "2015-07-21T13:37:51",
"db": "PACKETSTORM",
"id": "132763"
},
{
"date": "2015-01-22T01:35:41",
"db": "PACKETSTORM",
"id": "130051"
},
{
"date": "2015-02-26T17:13:09",
"db": "PACKETSTORM",
"id": "130545"
},
{
"date": "2015-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-170"
},
{
"date": "2015-01-09T02:59:09.413000",
"db": "NVD",
"id": "CVE-2014-8275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8275"
},
{
"date": "2017-01-23T00:09:00",
"db": "BID",
"id": "71935"
},
{
"date": "2016-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007554"
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-170"
},
{
"date": "2017-11-15T02:29:05.437000",
"db": "NVD",
"id": "CVE-2014-8275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-170"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Vulnerable to breaking fingerprint-based authentication blacklist protection mechanism",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007554"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-170"
}
],
"trust": 0.6
}
}
var-201904-0029
Vulnerability from variot
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Oracle MySQL is an open source relational database management system from Oracle Corporation of the United States. An attacker could use this vulnerability to cause a denial of service (hang or frequent crashes), affecting the availability of data. These vulnerabilities can be exploited over 'MySQL Protocol' protocol. 8) - aarch64, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-mysql80-mysql security update Advisory ID: RHSA-2019:2484-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2484 Issue date: 2019-08-14 CVE Names: CVE-2019-2420 CVE-2019-2434 CVE-2019-2436 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2494 CVE-2019-2495 CVE-2019-2502 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2530 CVE-2019-2531 CVE-2019-2532 CVE-2019-2533 CVE-2019-2534 CVE-2019-2535 CVE-2019-2536 CVE-2019-2537 CVE-2019-2539 CVE-2019-2580 CVE-2019-2581 CVE-2019-2584 CVE-2019-2585 CVE-2019-2587 CVE-2019-2589 CVE-2019-2592 CVE-2019-2593 CVE-2019-2596 CVE-2019-2606 CVE-2019-2607 CVE-2019-2614 CVE-2019-2617 CVE-2019-2620 CVE-2019-2623 CVE-2019-2624 CVE-2019-2625 CVE-2019-2626 CVE-2019-2627 CVE-2019-2628 CVE-2019-2630 CVE-2019-2631 CVE-2019-2634 CVE-2019-2635 CVE-2019-2636 CVE-2019-2644 CVE-2019-2681 CVE-2019-2683 CVE-2019-2685 CVE-2019-2686 CVE-2019-2687 CVE-2019-2688 CVE-2019-2689 CVE-2019-2691 CVE-2019-2693 CVE-2019-2694 CVE-2019-2695 CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2752 CVE-2019-2755 CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2780 CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 CVE-2019-2795 CVE-2019-2796 CVE-2019-2797 CVE-2019-2798 CVE-2019-2800 CVE-2019-2801 CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 CVE-2019-2808 CVE-2019-2810 CVE-2019-2811 CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 CVE-2019-2819 CVE-2019-2826 CVE-2019-2830 CVE-2019-2834 CVE-2019-2879 =====================================================================
- Summary:
An update for rh-mysql80-mysql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
The following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.17).
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-mysql80-mysql-8.0.17-1.el7.src.rpm
aarch64: rh-mysql80-mysql-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-common-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-config-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-server-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-test-8.0.17-1.el7.aarch64.rpm
ppc64le: rh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm
s390x: rh-mysql80-mysql-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-mysql80-mysql-8.0.17-1.el7.src.rpm
aarch64: rh-mysql80-mysql-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-common-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-config-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-server-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.aarch64.rpm rh-mysql80-mysql-test-8.0.17-1.el7.aarch64.rpm
ppc64le: rh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm
s390x: rh-mysql80-mysql-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm
x86_64: rh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-mysql80-mysql-8.0.17-1.el7.src.rpm
ppc64le: rh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm
s390x: rh-mysql80-mysql-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm
x86_64: rh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-mysql80-mysql-8.0.17-1.el7.src.rpm
ppc64le: rh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm
s390x: rh-mysql80-mysql-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm
x86_64: rh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-mysql80-mysql-8.0.17-1.el7.src.rpm
ppc64le: rh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm
s390x: rh-mysql80-mysql-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm
x86_64: rh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-mysql80-mysql-8.0.17-1.el7.src.rpm
ppc64le: rh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm rh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm
s390x: rh-mysql80-mysql-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm rh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm
x86_64: rh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-mysql80-mysql-8.0.17-1.el7.src.rpm
x86_64: rh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm rh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-2420 https://access.redhat.com/security/cve/CVE-2019-2434 https://access.redhat.com/security/cve/CVE-2019-2436 https://access.redhat.com/security/cve/CVE-2019-2455 https://access.redhat.com/security/cve/CVE-2019-2481 https://access.redhat.com/security/cve/CVE-2019-2482 https://access.redhat.com/security/cve/CVE-2019-2486 https://access.redhat.com/security/cve/CVE-2019-2494 https://access.redhat.com/security/cve/CVE-2019-2495 https://access.redhat.com/security/cve/CVE-2019-2502 https://access.redhat.com/security/cve/CVE-2019-2503 https://access.redhat.com/security/cve/CVE-2019-2507 https://access.redhat.com/security/cve/CVE-2019-2510 https://access.redhat.com/security/cve/CVE-2019-2528 https://access.redhat.com/security/cve/CVE-2019-2529 https://access.redhat.com/security/cve/CVE-2019-2530 https://access.redhat.com/security/cve/CVE-2019-2531 https://access.redhat.com/security/cve/CVE-2019-2532 https://access.redhat.com/security/cve/CVE-2019-2533 https://access.redhat.com/security/cve/CVE-2019-2534 https://access.redhat.com/security/cve/CVE-2019-2535 https://access.redhat.com/security/cve/CVE-2019-2536 https://access.redhat.com/security/cve/CVE-2019-2537 https://access.redhat.com/security/cve/CVE-2019-2539 https://access.redhat.com/security/cve/CVE-2019-2580 https://access.redhat.com/security/cve/CVE-2019-2581 https://access.redhat.com/security/cve/CVE-2019-2584 https://access.redhat.com/security/cve/CVE-2019-2585 https://access.redhat.com/security/cve/CVE-2019-2587 https://access.redhat.com/security/cve/CVE-2019-2589 https://access.redhat.com/security/cve/CVE-2019-2592 https://access.redhat.com/security/cve/CVE-2019-2593 https://access.redhat.com/security/cve/CVE-2019-2596 https://access.redhat.com/security/cve/CVE-2019-2606 https://access.redhat.com/security/cve/CVE-2019-2607 https://access.redhat.com/security/cve/CVE-2019-2614 https://access.redhat.com/security/cve/CVE-2019-2617 https://access.redhat.com/security/cve/CVE-2019-2620 https://access.redhat.com/security/cve/CVE-2019-2623 https://access.redhat.com/security/cve/CVE-2019-2624 https://access.redhat.com/security/cve/CVE-2019-2625 https://access.redhat.com/security/cve/CVE-2019-2626 https://access.redhat.com/security/cve/CVE-2019-2627 https://access.redhat.com/security/cve/CVE-2019-2628 https://access.redhat.com/security/cve/CVE-2019-2630 https://access.redhat.com/security/cve/CVE-2019-2631 https://access.redhat.com/security/cve/CVE-2019-2634 https://access.redhat.com/security/cve/CVE-2019-2635 https://access.redhat.com/security/cve/CVE-2019-2636 https://access.redhat.com/security/cve/CVE-2019-2644 https://access.redhat.com/security/cve/CVE-2019-2681 https://access.redhat.com/security/cve/CVE-2019-2683 https://access.redhat.com/security/cve/CVE-2019-2685 https://access.redhat.com/security/cve/CVE-2019-2686 https://access.redhat.com/security/cve/CVE-2019-2687 https://access.redhat.com/security/cve/CVE-2019-2688 https://access.redhat.com/security/cve/CVE-2019-2689 https://access.redhat.com/security/cve/CVE-2019-2691 https://access.redhat.com/security/cve/CVE-2019-2693 https://access.redhat.com/security/cve/CVE-2019-2694 https://access.redhat.com/security/cve/CVE-2019-2695 https://access.redhat.com/security/cve/CVE-2019-2737 https://access.redhat.com/security/cve/CVE-2019-2738 https://access.redhat.com/security/cve/CVE-2019-2739 https://access.redhat.com/security/cve/CVE-2019-2740 https://access.redhat.com/security/cve/CVE-2019-2752 https://access.redhat.com/security/cve/CVE-2019-2755 https://access.redhat.com/security/cve/CVE-2019-2757 https://access.redhat.com/security/cve/CVE-2019-2758 https://access.redhat.com/security/cve/CVE-2019-2774 https://access.redhat.com/security/cve/CVE-2019-2778 https://access.redhat.com/security/cve/CVE-2019-2780 https://access.redhat.com/security/cve/CVE-2019-2784 https://access.redhat.com/security/cve/CVE-2019-2785 https://access.redhat.com/security/cve/CVE-2019-2789 https://access.redhat.com/security/cve/CVE-2019-2795 https://access.redhat.com/security/cve/CVE-2019-2796 https://access.redhat.com/security/cve/CVE-2019-2797 https://access.redhat.com/security/cve/CVE-2019-2798 https://access.redhat.com/security/cve/CVE-2019-2800 https://access.redhat.com/security/cve/CVE-2019-2801 https://access.redhat.com/security/cve/CVE-2019-2802 https://access.redhat.com/security/cve/CVE-2019-2803 https://access.redhat.com/security/cve/CVE-2019-2805 https://access.redhat.com/security/cve/CVE-2019-2808 https://access.redhat.com/security/cve/CVE-2019-2810 https://access.redhat.com/security/cve/CVE-2019-2811 https://access.redhat.com/security/cve/CVE-2019-2812 https://access.redhat.com/security/cve/CVE-2019-2814 https://access.redhat.com/security/cve/CVE-2019-2815 https://access.redhat.com/security/cve/CVE-2019-2819 https://access.redhat.com/security/cve/CVE-2019-2826 https://access.redhat.com/security/cve/CVE-2019-2830 https://access.redhat.com/security/cve/CVE-2019-2834 https://access.redhat.com/security/cve/CVE-2019-2879 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXVOxPNzjgjWX9erEAQjMXA/9Eihmyr36juKBY8YJ6hqFuMlWDEtXH/uI /6z1r6cjHcLr4FU+qbt/q8lqQ/mKFBrfYgPrZe6RugoC52B4U4Zkt78Vy0WH4uFJ dh2C6eR2IwFp/avJD3m8vaDTL6aHHXOYSiGJCegg5kjmZyXMWHgI6/bVhprwy1k8 +IXNSF9L87Ww/4teTv7L1eKchstpzZd+7V+ZS6JeaD1Cxu6vYV+Nrbo/J3362h1K 3Zf/aromzPBEl9XXzmqJawN/t1twTp2XAhV8is4FzkQ0XAy/0IoFc/GP34MHYZ2R vwyeVehCmwtHBH8JrViQGE5HgeaE8fs7g3DqIefJmswB+NsYvw1rybPtgOhpew+W MIZaKrzFuiYIl3VQMR5VT2ZVerwglle1uP2x/gYvm4LZsqfdJcwBCFiJhDITQ2cw ZKdlBAs3MJtkJJpWn1kAIKcblmUXU4LRZkJtIH+VBpr0NLQVGwJ2UG93jD7Y74tI 3AH1YAaKHXuAjlpDw4qcWQsPnbegPaWesffkNty6+aLdt4y8nJ8IQWm5aMqSU5xW +6MQ9sf2qIRLYj+RFtNQJP+K0sK32DJjtrZuLDWD2Fhg9w9XG6SZxuSTxfVstBqi M42OspadVMdFto1IQuv9/9I7cS9l5srfVnjq7kO6yuENIm7/tJX+tjU4jagbfZ3L zLIpZwaofO8= =dahN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mysql",
"scope": "lte",
"trust": 1.8,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 0.6,
"vendor": "oracle",
"version": "\u003c=8.0.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.13"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"db": "BID",
"id": "107913"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"db": "NVD",
"id": "CVE-2019-2686"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "107913"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-674"
}
],
"trust": 0.9
},
"cve": "CVE-2019-2686",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-2686",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-11756",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2019-2686",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-2686",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-2686",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-2686",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-11756",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-674",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-674"
},
{
"db": "NVD",
"id": "CVE-2019-2686"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Oracle MySQL is an open source relational database management system from Oracle Corporation of the United States. An attacker could use this vulnerability to cause a denial of service (hang or frequent crashes), affecting the availability of data. \nThese vulnerabilities can be exploited over \u0027MySQL Protocol\u0027 protocol. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-mysql80-mysql security update\nAdvisory ID: RHSA-2019:2484-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2484\nIssue date: 2019-08-14\nCVE Names: CVE-2019-2420 CVE-2019-2434 CVE-2019-2436 \n CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 \n CVE-2019-2486 CVE-2019-2494 CVE-2019-2495 \n CVE-2019-2502 CVE-2019-2503 CVE-2019-2507 \n CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 \n CVE-2019-2530 CVE-2019-2531 CVE-2019-2532 \n CVE-2019-2533 CVE-2019-2534 CVE-2019-2535 \n CVE-2019-2536 CVE-2019-2537 CVE-2019-2539 \n CVE-2019-2580 CVE-2019-2581 CVE-2019-2584 \n CVE-2019-2585 CVE-2019-2587 CVE-2019-2589 \n CVE-2019-2592 CVE-2019-2593 CVE-2019-2596 \n CVE-2019-2606 CVE-2019-2607 CVE-2019-2614 \n CVE-2019-2617 CVE-2019-2620 CVE-2019-2623 \n CVE-2019-2624 CVE-2019-2625 CVE-2019-2626 \n CVE-2019-2627 CVE-2019-2628 CVE-2019-2630 \n CVE-2019-2631 CVE-2019-2634 CVE-2019-2635 \n CVE-2019-2636 CVE-2019-2644 CVE-2019-2681 \n CVE-2019-2683 CVE-2019-2685 CVE-2019-2686 \n CVE-2019-2687 CVE-2019-2688 CVE-2019-2689 \n CVE-2019-2691 CVE-2019-2693 CVE-2019-2694 \n CVE-2019-2695 CVE-2019-2737 CVE-2019-2738 \n CVE-2019-2739 CVE-2019-2740 CVE-2019-2752 \n CVE-2019-2755 CVE-2019-2757 CVE-2019-2758 \n CVE-2019-2774 CVE-2019-2778 CVE-2019-2780 \n CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 \n CVE-2019-2795 CVE-2019-2796 CVE-2019-2797 \n CVE-2019-2798 CVE-2019-2800 CVE-2019-2801 \n CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 \n CVE-2019-2808 CVE-2019-2810 CVE-2019-2811 \n CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 \n CVE-2019-2819 CVE-2019-2826 CVE-2019-2830 \n CVE-2019-2834 CVE-2019-2879 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-mysql80-mysql is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\nrh-mysql80-mysql (8.0.17). \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the MySQL server daemon (mysqld) will be\nrestarted automatically. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-mysql80-mysql-8.0.17-1.el7.src.rpm\n\naarch64:\nrh-mysql80-mysql-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.aarch64.rpm\n\nppc64le:\nrh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm\n\ns390x:\nrh-mysql80-mysql-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-mysql80-mysql-8.0.17-1.el7.src.rpm\n\naarch64:\nrh-mysql80-mysql-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.aarch64.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.aarch64.rpm\n\nppc64le:\nrh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm\n\ns390x:\nrh-mysql80-mysql-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm\n\nx86_64:\nrh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-mysql80-mysql-8.0.17-1.el7.src.rpm\n\nppc64le:\nrh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm\n\ns390x:\nrh-mysql80-mysql-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm\n\nx86_64:\nrh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-mysql80-mysql-8.0.17-1.el7.src.rpm\n\nppc64le:\nrh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm\n\ns390x:\nrh-mysql80-mysql-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm\n\nx86_64:\nrh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-mysql80-mysql-8.0.17-1.el7.src.rpm\n\nppc64le:\nrh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm\n\ns390x:\nrh-mysql80-mysql-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm\n\nx86_64:\nrh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-mysql80-mysql-8.0.17-1.el7.src.rpm\n\nppc64le:\nrh-mysql80-mysql-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.ppc64le.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.ppc64le.rpm\n\ns390x:\nrh-mysql80-mysql-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.s390x.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.s390x.rpm\n\nx86_64:\nrh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-mysql80-mysql-8.0.17-1.el7.src.rpm\n\nx86_64:\nrh-mysql80-mysql-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-common-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-config-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-debuginfo-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-devel-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-errmsg-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-server-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-syspaths-8.0.17-1.el7.x86_64.rpm\nrh-mysql80-mysql-test-8.0.17-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-2420\nhttps://access.redhat.com/security/cve/CVE-2019-2434\nhttps://access.redhat.com/security/cve/CVE-2019-2436\nhttps://access.redhat.com/security/cve/CVE-2019-2455\nhttps://access.redhat.com/security/cve/CVE-2019-2481\nhttps://access.redhat.com/security/cve/CVE-2019-2482\nhttps://access.redhat.com/security/cve/CVE-2019-2486\nhttps://access.redhat.com/security/cve/CVE-2019-2494\nhttps://access.redhat.com/security/cve/CVE-2019-2495\nhttps://access.redhat.com/security/cve/CVE-2019-2502\nhttps://access.redhat.com/security/cve/CVE-2019-2503\nhttps://access.redhat.com/security/cve/CVE-2019-2507\nhttps://access.redhat.com/security/cve/CVE-2019-2510\nhttps://access.redhat.com/security/cve/CVE-2019-2528\nhttps://access.redhat.com/security/cve/CVE-2019-2529\nhttps://access.redhat.com/security/cve/CVE-2019-2530\nhttps://access.redhat.com/security/cve/CVE-2019-2531\nhttps://access.redhat.com/security/cve/CVE-2019-2532\nhttps://access.redhat.com/security/cve/CVE-2019-2533\nhttps://access.redhat.com/security/cve/CVE-2019-2534\nhttps://access.redhat.com/security/cve/CVE-2019-2535\nhttps://access.redhat.com/security/cve/CVE-2019-2536\nhttps://access.redhat.com/security/cve/CVE-2019-2537\nhttps://access.redhat.com/security/cve/CVE-2019-2539\nhttps://access.redhat.com/security/cve/CVE-2019-2580\nhttps://access.redhat.com/security/cve/CVE-2019-2581\nhttps://access.redhat.com/security/cve/CVE-2019-2584\nhttps://access.redhat.com/security/cve/CVE-2019-2585\nhttps://access.redhat.com/security/cve/CVE-2019-2587\nhttps://access.redhat.com/security/cve/CVE-2019-2589\nhttps://access.redhat.com/security/cve/CVE-2019-2592\nhttps://access.redhat.com/security/cve/CVE-2019-2593\nhttps://access.redhat.com/security/cve/CVE-2019-2596\nhttps://access.redhat.com/security/cve/CVE-2019-2606\nhttps://access.redhat.com/security/cve/CVE-2019-2607\nhttps://access.redhat.com/security/cve/CVE-2019-2614\nhttps://access.redhat.com/security/cve/CVE-2019-2617\nhttps://access.redhat.com/security/cve/CVE-2019-2620\nhttps://access.redhat.com/security/cve/CVE-2019-2623\nhttps://access.redhat.com/security/cve/CVE-2019-2624\nhttps://access.redhat.com/security/cve/CVE-2019-2625\nhttps://access.redhat.com/security/cve/CVE-2019-2626\nhttps://access.redhat.com/security/cve/CVE-2019-2627\nhttps://access.redhat.com/security/cve/CVE-2019-2628\nhttps://access.redhat.com/security/cve/CVE-2019-2630\nhttps://access.redhat.com/security/cve/CVE-2019-2631\nhttps://access.redhat.com/security/cve/CVE-2019-2634\nhttps://access.redhat.com/security/cve/CVE-2019-2635\nhttps://access.redhat.com/security/cve/CVE-2019-2636\nhttps://access.redhat.com/security/cve/CVE-2019-2644\nhttps://access.redhat.com/security/cve/CVE-2019-2681\nhttps://access.redhat.com/security/cve/CVE-2019-2683\nhttps://access.redhat.com/security/cve/CVE-2019-2685\nhttps://access.redhat.com/security/cve/CVE-2019-2686\nhttps://access.redhat.com/security/cve/CVE-2019-2687\nhttps://access.redhat.com/security/cve/CVE-2019-2688\nhttps://access.redhat.com/security/cve/CVE-2019-2689\nhttps://access.redhat.com/security/cve/CVE-2019-2691\nhttps://access.redhat.com/security/cve/CVE-2019-2693\nhttps://access.redhat.com/security/cve/CVE-2019-2694\nhttps://access.redhat.com/security/cve/CVE-2019-2695\nhttps://access.redhat.com/security/cve/CVE-2019-2737\nhttps://access.redhat.com/security/cve/CVE-2019-2738\nhttps://access.redhat.com/security/cve/CVE-2019-2739\nhttps://access.redhat.com/security/cve/CVE-2019-2740\nhttps://access.redhat.com/security/cve/CVE-2019-2752\nhttps://access.redhat.com/security/cve/CVE-2019-2755\nhttps://access.redhat.com/security/cve/CVE-2019-2757\nhttps://access.redhat.com/security/cve/CVE-2019-2758\nhttps://access.redhat.com/security/cve/CVE-2019-2774\nhttps://access.redhat.com/security/cve/CVE-2019-2778\nhttps://access.redhat.com/security/cve/CVE-2019-2780\nhttps://access.redhat.com/security/cve/CVE-2019-2784\nhttps://access.redhat.com/security/cve/CVE-2019-2785\nhttps://access.redhat.com/security/cve/CVE-2019-2789\nhttps://access.redhat.com/security/cve/CVE-2019-2795\nhttps://access.redhat.com/security/cve/CVE-2019-2796\nhttps://access.redhat.com/security/cve/CVE-2019-2797\nhttps://access.redhat.com/security/cve/CVE-2019-2798\nhttps://access.redhat.com/security/cve/CVE-2019-2800\nhttps://access.redhat.com/security/cve/CVE-2019-2801\nhttps://access.redhat.com/security/cve/CVE-2019-2802\nhttps://access.redhat.com/security/cve/CVE-2019-2803\nhttps://access.redhat.com/security/cve/CVE-2019-2805\nhttps://access.redhat.com/security/cve/CVE-2019-2808\nhttps://access.redhat.com/security/cve/CVE-2019-2810\nhttps://access.redhat.com/security/cve/CVE-2019-2811\nhttps://access.redhat.com/security/cve/CVE-2019-2812\nhttps://access.redhat.com/security/cve/CVE-2019-2814\nhttps://access.redhat.com/security/cve/CVE-2019-2815\nhttps://access.redhat.com/security/cve/CVE-2019-2819\nhttps://access.redhat.com/security/cve/CVE-2019-2826\nhttps://access.redhat.com/security/cve/CVE-2019-2830\nhttps://access.redhat.com/security/cve/CVE-2019-2834\nhttps://access.redhat.com/security/cve/CVE-2019-2879\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXVOxPNzjgjWX9erEAQjMXA/9Eihmyr36juKBY8YJ6hqFuMlWDEtXH/uI\n/6z1r6cjHcLr4FU+qbt/q8lqQ/mKFBrfYgPrZe6RugoC52B4U4Zkt78Vy0WH4uFJ\ndh2C6eR2IwFp/avJD3m8vaDTL6aHHXOYSiGJCegg5kjmZyXMWHgI6/bVhprwy1k8\n+IXNSF9L87Ww/4teTv7L1eKchstpzZd+7V+ZS6JeaD1Cxu6vYV+Nrbo/J3362h1K\n3Zf/aromzPBEl9XXzmqJawN/t1twTp2XAhV8is4FzkQ0XAy/0IoFc/GP34MHYZ2R\nvwyeVehCmwtHBH8JrViQGE5HgeaE8fs7g3DqIefJmswB+NsYvw1rybPtgOhpew+W\nMIZaKrzFuiYIl3VQMR5VT2ZVerwglle1uP2x/gYvm4LZsqfdJcwBCFiJhDITQ2cw\nZKdlBAs3MJtkJJpWn1kAIKcblmUXU4LRZkJtIH+VBpr0NLQVGwJ2UG93jD7Y74tI\n3AH1YAaKHXuAjlpDw4qcWQsPnbegPaWesffkNty6+aLdt4y8nJ8IQWm5aMqSU5xW\n+6MQ9sf2qIRLYj+RFtNQJP+K0sK32DJjtrZuLDWD2Fhg9w9XG6SZxuSTxfVstBqi\nM42OspadVMdFto1IQuv9/9I7cS9l5srfVnjq7kO6yuENIm7/tJX+tjU4jagbfZ3L\nzLIpZwaofO8=\n=dahN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-2686"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"db": "BID",
"id": "107913"
},
{
"db": "PACKETSTORM",
"id": "154103"
},
{
"db": "PACKETSTORM",
"id": "154060"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-2686",
"trust": 3.5
},
{
"db": "BID",
"id": "107913",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003631",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-11756",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3142",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201904-674",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154103",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154060",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"db": "BID",
"id": "107913"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"db": "PACKETSTORM",
"id": "154103"
},
{
"db": "PACKETSTORM",
"id": "154060"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-674"
},
{
"db": "NVD",
"id": "CVE-2019-2686"
}
]
},
"id": "VAR-201904-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-11756"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-11756"
}
]
},
"last_update_date": "2024-08-14T12:17:16.597000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - April 2019",
"trust": 0.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2019 Risk Matrices",
"trust": 0.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html"
},
{
"title": "Patch for Oracle MySQL Server Denial of Service Vulnerability (CNVD-2019-11756)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/159291"
},
{
"title": "Oracle MySQL Server Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91472"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-674"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"db": "NVD",
"id": "CVE-2019-2686"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:2511"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2484"
},
{
"trust": 1.6,
"url": "https://support.f5.com/csp/article/k28312671"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html"
},
{
"trust": 0.9,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2686"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2686"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/107913"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3142/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-mysql-vulnerabilities-of-april-2019-29050"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-potentially-impacted-by-vulnerabilities-in-mysql/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2581"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2533"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2830"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2686"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2635"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2507"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2539"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2530"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2536"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2688"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2503"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2620"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2631"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2539"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2752"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2607"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2826"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2627"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2495"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2614"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2757"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2801"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2758"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2529"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2798"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2587"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2503"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2510"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2534"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2532"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2628"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2695"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2803"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2581"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2584"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2537"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2811"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2592"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2815"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2683"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2420"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2593"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2530"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2623"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2436"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2624"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2486"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2495"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2739"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2494"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2494"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2810"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2834"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2534"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2689"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2617"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2585"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2755"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2694"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2529"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2740"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2796"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2691"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2585"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2626"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2738"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2584"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2580"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2486"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2802"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2535"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2681"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2502"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2531"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2455"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2774"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2535"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2808"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2455"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2630"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2502"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2533"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2778"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2685"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2634"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2532"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2510"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2789"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2507"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2531"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2536"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2784"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2636"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2879"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2482"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2596"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2795"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2814"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2812"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2606"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2436"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2687"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2580"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2780"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"db": "BID",
"id": "107913"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"db": "PACKETSTORM",
"id": "154103"
},
{
"db": "PACKETSTORM",
"id": "154060"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-674"
},
{
"db": "NVD",
"id": "CVE-2019-2686"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"db": "BID",
"id": "107913"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"db": "PACKETSTORM",
"id": "154103"
},
{
"db": "PACKETSTORM",
"id": "154060"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-674"
},
{
"db": "NVD",
"id": "CVE-2019-2686"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"date": "2019-04-16T00:00:00",
"db": "BID",
"id": "107913"
},
{
"date": "2019-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"date": "2019-08-15T22:30:31",
"db": "PACKETSTORM",
"id": "154103"
},
{
"date": "2019-08-14T23:03:33",
"db": "PACKETSTORM",
"id": "154060"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-674"
},
{
"date": "2019-04-23T19:32:55.553000",
"db": "NVD",
"id": "CVE-2019-2686"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-11756"
},
{
"date": "2019-04-16T00:00:00",
"db": "BID",
"id": "107913"
},
{
"date": "2019-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003631"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-674"
},
{
"date": "2023-01-30T15:46:55.587000",
"db": "NVD",
"id": "CVE-2019-2686"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-674"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle MySQL of MySQL Server In Server: Optimizer Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003631"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-674"
}
],
"trust": 0.6
}
}
var-202106-0520
Vulnerability from variot
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. curl Is vulnerable to a resource leak to the wrong area.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. curl has a security vulnerability stemming from libcurl allowing applications to specify specific TLS ciphers to use in transit using an option called CURLOPT SSL CIPHER LIST
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0520",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.25"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.76.1"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.34"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "essbase",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.047"
},
{
"model": "essbase",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.3"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.11.0"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.61.0"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.1"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "essbase",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0"
},
{
"model": "hci compute node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300e",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire \u0026 hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire enterprise sds \u0026 hci storage node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oracle essbase server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "mysql",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "solidfire baseboard management controller",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "cloud backup",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"db": "NVD",
"id": "CVE-2021-22897"
}
]
},
"cve": "CVE-2021-22897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22897",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381371",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22897",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-22897",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22897",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-22897",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1688",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-381371",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-22897",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381371"
},
{
"db": "VULMON",
"id": "CVE-2021-22897"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1688"
},
{
"db": "NVD",
"id": "CVE-2021-22897"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. curl Is vulnerable to a resource leak to the wrong area.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. curl has a security vulnerability stemming from libcurl allowing applications to specify specific TLS ciphers to use in transit using an option called CURLOPT SSL CIPHER LIST",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22897"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381371"
},
{
"db": "VULMON",
"id": "CVE-2021-22897"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22897",
"trust": 3.4
},
{
"db": "HACKERONE",
"id": "1172857",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008166",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052719",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060321",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052620",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3146",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1688",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-381371",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-069-09",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22897",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381371"
},
{
"db": "VULMON",
"id": "CVE-2021-22897"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1688"
},
{
"db": "NVD",
"id": "CVE-2021-22897"
}
]
},
"id": "VAR-202106-0520",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381371"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:17:53.518000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"title": "Fixing measures for vulnerabilities of encryption problems in many products",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=154687"
},
{
"title": "Red Hat: CVE-2021-22897",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-22897"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22897 log"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22897"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1688"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.1
},
{
"problemtype": "CWE-840",
"trust": 1.0
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381371"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"db": "NVD",
"id": "CVE-2021-22897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"trust": 1.8,
"url": "https://curl.se/docs/cve-2021-22897.html"
},
{
"trust": 1.8,
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"trust": 1.8,
"url": "https://hackerone.com/reports/1172857"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22897"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-22897"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052620"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-information-disclosure-via-concurrent-transfers-last-schannel-cipher-selection-35538"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060321"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052719"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/668.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381371"
},
{
"db": "VULMON",
"id": "CVE-2021-22897"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1688"
},
{
"db": "NVD",
"id": "CVE-2021-22897"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381371"
},
{
"db": "VULMON",
"id": "CVE-2021-22897"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1688"
},
{
"db": "NVD",
"id": "CVE-2021-22897"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-11T00:00:00",
"db": "VULHUB",
"id": "VHN-381371"
},
{
"date": "2021-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22897"
},
{
"date": "2022-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1688"
},
{
"date": "2021-06-11T16:15:10.963000",
"db": "NVD",
"id": "CVE-2021-22897"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-381371"
},
{
"date": "2022-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22897"
},
{
"date": "2022-03-07T02:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-008166"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1688"
},
{
"date": "2024-03-27T15:47:40.347000",
"db": "NVD",
"id": "CVE-2021-22897"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1688"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability in Resource Leakage to Wrong Domain",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008166"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201501-0338
Vulnerability from variot
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The SSLv3 vulnerability using US export-grade RSA encryption known as FREAK could be exploited remotely to allow unauthorized
References:
CVE-2015-4000 (aka LogJam, SSRT102095) CVE-2015-2808 (aka Bar Mitzvah) CVE-2015-0204 (aka Freak)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Node Manager i version v9.0x. v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI Performance for QA v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI for IP Multicast QA v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI for MPLS VPN v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI for IP Telephony v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI for NET v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI Performance for Metrics v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI Performance for Traffic v9.0x, v9.1x, v9.2x, v10.0x
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0204 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates for HP Network Node Manager i and Smart Plugins (iSPIs)
HP Network Node Manager i and Smart Plugins (iSPIs) Version Link to update for CVE-2015-4000 (LogJam)
HP Network Node Manager i version v9.1x, v9.2x iSPI Performance for QA iSPI for IP Multicast iSPI for MPLS VPN iSPI for IP Telephony
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01704653
HP Network Node Manager iSPI for Metrics v9.1x, v9.2x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740484
HP Network Node Manager iSPI for Traffic v9.1x, v9.2x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740489
Note: v10.x is not affected by LogJam
HP Network Node Manager i and Smart Plugins (iSPIs) Version Link to update for CVE-2015-2808 (Bar Mitzvah)
HP Network Node Manager i version v9.1x, v9.2x, v10.x iSPI Performance for QA iSPI for IP Multicast iSPI for MPLS VPN iSPI for IP Telephony
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01704651
HP Network Node Manager iSPI for Metrics v9.1x, v9.2x, v10.0x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740486
HP Network Node Manager iSPI for Traffic v9.1x, v9.2x, v10.0x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740487
HP Network Node Manager i and Smart Plugins (iSPIs) Version Link to update for CVE-2015-0204 (Freak)
HP Network Node Manager i version v9.x, v10.x iSPI Performance for QA iSPI for IP Multicast iSPI for MPLS VPN iSPI for IP Telephony
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01704633https://softwaresupport.hp.com/group/softwaresupport/ search-result/-/facetsearch/document/KM01704633
HP Network Node Manager iSPI for Metrics v9.1x, v9.2x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740481
HP Network Node Manager iSPI for Traffic v9.1x, v9.2x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740488
Note: v10.x is not affected by FREAK
HISTORY Version:1 (rev.1) - 20 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1l-r1 *>= 0.9.8z_p5-r1 >= 1.0.1l-r1
Description
Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers and the upstream advisory referenced below for details:
- RSA silently downgrades to EXPORT_RSA [Client] (Reclassified) (CVE-2015-0204)
- Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
- ASN.1 structure reuse memory corruption (CVE-2015-0287)
- X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
- PKCS7 NULL pointer dereferences (CVE-2015-0289)
- Base64 decode (CVE-2015-0292)
- DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
- Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
The following issues affect OpenSSL 1.0.2 only which is not part of the supported Gentoo stable tree:
- OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
- Multiblock corrupted pointer (CVE-2015-0290)
- Segmentation fault in DTLSv1_listen (CVE-2015-0207)
- Segmentation fault for invalid PSS parameters (CVE-2015-0208)
- Empty CKE with client auth and DHE (CVE-2015-1787)
- Handshake with unseeded PRNG (CVE-2015-0285)
Impact
A remote attacker can utilize multiple vectors to cause Denial of Service or Information Disclosure.
Workaround
There is no known workaround at this time. Tools such as revdep-rebuild may assist in identifying some of these packages.
References
[ 1 ] CVE-2015-0204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204 [ 2 ] CVE-2015-0207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207 [ 3 ] CVE-2015-0208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208 [ 4 ] CVE-2015-0209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209 [ 5 ] CVE-2015-0285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285 [ 6 ] CVE-2015-0287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287 [ 7 ] CVE-2015-0288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288 [ 8 ] CVE-2015-0289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289 [ 9 ] CVE-2015-0290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290 [ 10 ] CVE-2015-0291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291 [ 11 ] CVE-2015-0292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292 [ 12 ] CVE-2015-0293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293 [ 13 ] CVE-2015-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787 [ 14 ] OpenSSL Security Advisory [19 Mar 2015] http://openssl.org/news/secadv_20150319.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015] =======================================
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
Severity: High
If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: High
This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".
This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.
Multiblock corrupted pointer (CVE-2015-0290)
Severity: Moderate
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Severity: Moderate
The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a.
This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
Severity: Moderate
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a
This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.
Base64 decode (CVE-2015-0292)
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption. This was addressed in previous versions of OpenSSL but has not been included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1), 84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.
Empty CKE with client auth and DHE (CVE-2015-1787)
Severity: Moderate
If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Handshake with unseeded PRNG (CVE-2015-0285)
Severity: Low
Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.
For example using the following command with an unseeded openssl will succeed on an unpatched platform:
openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2015-0204)
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. (CVE-2014-3570)
It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them.
This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.3 as provided from the Red Hat Customer Portal are advised to apply this update. Solution:
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0800-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0800.html Issue date: 2015-04-13 CVE Names: CVE-2014-8275 CVE-2015-0204 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2015-0204)
An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0289)
Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: openssl-0.9.8e-33.el5_11.src.rpm
i386: openssl-0.9.8e-33.el5_11.i386.rpm openssl-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-perl-0.9.8e-33.el5_11.i386.rpm
x86_64: openssl-0.9.8e-33.el5_11.i686.rpm openssl-0.9.8e-33.el5_11.x86_64.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm openssl-perl-0.9.8e-33.el5_11.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: openssl-0.9.8e-33.el5_11.src.rpm
i386: openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-devel-0.9.8e-33.el5_11.i386.rpm
x86_64: openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm openssl-devel-0.9.8e-33.el5_11.i386.rpm openssl-devel-0.9.8e-33.el5_11.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: openssl-0.9.8e-33.el5_11.src.rpm
i386: openssl-0.9.8e-33.el5_11.i386.rpm openssl-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-devel-0.9.8e-33.el5_11.i386.rpm openssl-perl-0.9.8e-33.el5_11.i386.rpm
ia64: openssl-0.9.8e-33.el5_11.i686.rpm openssl-0.9.8e-33.el5_11.ia64.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.ia64.rpm openssl-devel-0.9.8e-33.el5_11.ia64.rpm openssl-perl-0.9.8e-33.el5_11.ia64.rpm
ppc: openssl-0.9.8e-33.el5_11.ppc.rpm openssl-0.9.8e-33.el5_11.ppc64.rpm openssl-debuginfo-0.9.8e-33.el5_11.ppc.rpm openssl-debuginfo-0.9.8e-33.el5_11.ppc64.rpm openssl-devel-0.9.8e-33.el5_11.ppc.rpm openssl-devel-0.9.8e-33.el5_11.ppc64.rpm openssl-perl-0.9.8e-33.el5_11.ppc.rpm
s390x: openssl-0.9.8e-33.el5_11.s390.rpm openssl-0.9.8e-33.el5_11.s390x.rpm openssl-debuginfo-0.9.8e-33.el5_11.s390.rpm openssl-debuginfo-0.9.8e-33.el5_11.s390x.rpm openssl-devel-0.9.8e-33.el5_11.s390.rpm openssl-devel-0.9.8e-33.el5_11.s390x.rpm openssl-perl-0.9.8e-33.el5_11.s390x.rpm
x86_64: openssl-0.9.8e-33.el5_11.i686.rpm openssl-0.9.8e-33.el5_11.x86_64.rpm openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm openssl-devel-0.9.8e-33.el5_11.i386.rpm openssl-devel-0.9.8e-33.el5_11.x86_64.rpm openssl-perl-0.9.8e-33.el5_11.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0287 https://access.redhat.com/security/cve/CVE-2015-0288 https://access.redhat.com/security/cve/CVE-2015-0289 https://access.redhat.com/security/cve/CVE-2015-0292 https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt https://www.openssl.org/news/secadv_20150319.txt https://access.redhat.com/articles/1384453
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVK6+gXlSAg2UNWIIRAoSlAJ0UGwyEUVUDOKBoGDKJRsDtDdmxSwCgvH9a M4Bxjq//ZXaJCcyFFc1l5A4= =rctB -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce.
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account. SAP <http://www.sap.com/>has released the monthly critical patch update
for June 2015. This patch update closes a lot of vulnerabilities in SAP products. The most popular vulnerability is Missing Authorization Check. This month, three critical vulnerabilities found by ERPScan researchers Vahagn Vardanyan, Rustem Gazizov, and Diana Grigorieva were closed.
Issues that were patched with the help of ERPScan
Below are the details of SAP vulnerabilities that were found byERPScan http://www.erpscan.com/researchers.
- An XML eXternal Entity vulnerability in SAP Mobile Platform on-premise (CVSS Base Score:5.5).Updateis available in SAP Security Note2159601 https://service.sap.com/sap/support/notes/2159601. An attacker can use XML eXternal Entities to send specially crafted unauthorized XML requests, which will be processed by the XML parser. The attacker will get unauthorized access to the OS file system.
- A Hardcoded Credentials vulnerability in SAP Cross-System Tools (CVSS Base Score:3.6).Updateis available in SAP Security Note2059659 https://service.sap.com/sap/support/notes/2059659. In addition, it is likely that the code will be implemented as a backdoor into the system.
- A Hardcoded Credentials vulnerability in SAP Data Transfer Workbench (CVSS Base Score:2.1).Updateis available in SAP Security Note2057982 https://service.sap.com/sap/support/notes/2057982. In addition, it is likely that the code will be implemented as a backdoor into the system.
The most critical issues found by other researchers
Some of our readers and clients asked us to categorize the most critical SAP vulnerabilities to patch them first. Companies providing SAP Security Audit, SAP Security Assessment, or SAP Penetration Testing services can include these vulnerabilities in their checklists. The most critical vulnerabilities of this update can be patched by the following SAP Security Notes:
- 2151237 https://service.sap.com/sap/support/notes/2151237: SAP GUI for Windows has a Buffer Overflow vulnerability (CVSS Base Score:9.3). An attacker can use Buffer Overflow for injecting specially crafted code into working memory, which will be executed by the vulnerable application under the privileges of that application. In case of command execution,attackercan obtain critical technical and business-related information stored in the vulnerable SAP-system or escalate their own privileges. For this time, nobody will be able to use this service, which negatively influences business processes, system downtime, and, consequently, business reputation. It is recommended to install this SAP Security Note to prevent risks.
- 2129609 https://service.sap.com/sap/support/notes/2129609: SAP EP JDBC Connector has an SQL Injection vulnerability (CVSS Base Score:6.5). An attacker can use SQL Injections with the help of specially crafted SQL queries. They can read and modify sensitive information from a database, execute administrative operations in a database, destroy data or make it unavailable. In some cases, an attacker can access system data or execute OS commands. It is recommended to install this SAP Security Note to prevent risks.
- 1997734 https://service.sap.com/sap/support/notes/1997734: SAP RFC runtime has a Missing AuthorizationXheckvulnerability (CVSS Base Score:6.0). An attacker can use Missing Authorization Checks to access a service without any authorization procedures and use service functionality that has restricted access. It is recommended to install this SAP Security Note to prevent risks.
- 2163306 https://service.sap.com/sap/support/notes/2163306: SAP CommonCryptoLib and SAPCRYPTOLIB are vulnerable to FREAK (CVE-2015-0204, CVSS Base Score:5.0). It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. All the attacks on this page assume a network adversary (i.e. a man-in-the-middle) to tamper with TLS handshake messages. The typical scenario to mount such attacks is by tampering with the Domain Name System (DNS), for example via DNS rebinding or domain name seizure. This attack targets a class of deliberately weak export cipher suites. It is recommended to install this SAP Security Note to prevent risks.
References about the FREAK vulnerability:
- SMACK: State Machine AttaCKs https://www.smacktls.com/
- Tracking the FREAK Attack https://freakattack.com/
- CVE-2015-0204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
It is highly recommended to patch all those SAP vulnerabilities to prevent business risks affecting your SAP systems.
SAP has traditionally thanked the security researchers from ERPScan for found vulnerabilities on theiracknowledgment page http://scn.sap.com/docs/DOC-8218.
Advisories for those SAP vulnerabilities with technical details will be available in 3 months onerpscan.com http://www.erpscan.com/.
--
Darya Maenkova
PR manager
https://www.linkedin.com/company/2217474?trk=ppro_cprof https://twitter.com/erpscan
e-mail: d.maenkova@erpscan.com d.maenkova@erpscan.com
address: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
phone: 650.798.5255
erpscan.com http://erpscan.com
.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. This effectively removes forward secrecy from the ciphersuite. A server could present a weak temporary key and downgrade the security of the session. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g.
Bignum squaring may produce incorrect results (CVE-2014-3570)
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:
) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.
Release Date: 2015-02-25 Last Updated: 2015-02-25
Potential Security Impact: Remote Denial of Service (DoS) and other vulnerabilites
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8ze
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 25 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0338",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jre 1.7.0 17",
"scope": null,
"trust": 1.8,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 17",
"scope": null,
"trust": 1.5,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 13",
"scope": null,
"trust": 1.5,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 43",
"scope": null,
"trust": 1.5,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 39",
"scope": null,
"trust": 1.5,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0:update 65",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.7.072"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.8.025"
},
{
"model": "jre update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.6.085"
},
{
"model": "jdk 1.6.0 43",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 45",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 38",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.6.085"
},
{
"model": "jre 1.7.0 13",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.8.025"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zc"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 8",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 21",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.081"
},
{
"model": "jre 1.5.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 65",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0 55",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0:update 75",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0:update 60",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 61",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0:update 65",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.6.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.081"
},
{
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0:update 75",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.840"
},
{
"model": "jre 1.6.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 60",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 51",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 35",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.072"
},
{
"model": "jdk 1.7.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.691"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 55",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.8.0:update 5",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.8.0:update 5",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 60",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 4",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.776"
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 10",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 14",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 10",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 15",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.7.0 21",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 71",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 61",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.581"
},
{
"model": "jdk 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.5.071"
},
{
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.581"
},
{
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 24",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 32",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 12",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.5.075"
},
{
"model": "jre 1.7.0 9",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 32",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 8",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 38",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 37",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.840"
},
{
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 51",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.5.075"
},
{
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 71",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 51",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.020"
},
{
"model": "jre 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 15",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 14",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"model": "jre 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 11",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.691"
},
{
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 35",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 65",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 51",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0:update 60",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.067"
},
{
"model": "jdk 1.7.0 12",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 38",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 11",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.5.071"
},
{
"model": "jdk 1.7.0 4",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.067"
},
{
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.776"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.020"
},
{
"model": "jre 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 9",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opera",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "research in motion rim",
"version": null
},
{
"model": "capssuite",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v4 to v5.1"
},
{
"model": "csview",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/faq navigator"
},
{
"model": "csview",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/web questionnaire"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver6.0 to ver8.0"
},
{
"model": "enterpriseidentitymanager",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series intersecvm/sg v1.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v4.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series sg3600lm/lg/lj v6.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series univerge sg3000lg/lj"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "security risk management v1.0.2 to v2.1.4"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "a series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "d series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "e series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "hs series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "m series (nas including options )"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "s series"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.0"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.01"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.02"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.2 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v4.2 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "uddi registry v1.1 to v7.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v7.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v7.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v7.1 to v8.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v7.1 to v8.1"
},
{
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.4 to v9.2"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v9.1"
},
{
"model": "webotx sip application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v7.1 to v8.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator v3.1.0.x to v4.1.0.x"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "jobcenter cl/web r13.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "jobcenter cl/web r13.2"
},
{
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.8"
},
{
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 38",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 34",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.8"
},
{
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0.1"
},
{
"model": "bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0"
},
{
"model": "bbm protected on blackberry",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.1.1767"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "bbm on blackberry os",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.1.1767"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.039"
},
{
"model": "jdk update17",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.17"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.22"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "buildforge ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.28"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "websphere real time sr8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.1"
},
{
"model": "jdk update3",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.306"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.055"
},
{
"model": "netezza platform software 7.2.0.4-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.42"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.025"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.1.0.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "rational automation framework ifix5",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "sametime community server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.04"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355041980"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.47"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "cloud manager interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.3"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.12"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.22"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "sterling control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.21"
},
{
"model": "java sdk sr16-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "java sdk sr4-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "websphere real time sr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.2"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.00"
},
{
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.039"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.43"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "notes fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.35"
},
{
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.06"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.04"
},
{
"model": "sterling connect:direct browser user interface ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.208"
},
{
"model": "jre update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.220"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.15"
},
{
"model": "chassis management module 2pet12g",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "java sdk ga",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "db2 workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.043"
},
{
"model": "tivoli network performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "communications session border controller scz7.3.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.121"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "os",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.1.1779"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.35"
},
{
"model": "jre update3",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "cognos tm1 interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.2"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.3"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.3"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.39"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "flashsystem 9848-ac2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v90000"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "sterling connect:direct browser ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.11.03"
},
{
"model": "work space manager for bes10/bes12 23584 14",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "jdk update26",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.260"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.22"
},
{
"model": "tivoli network performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "link for mac os (build",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.1.139)"
},
{
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.08"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.036"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.1"
},
{
"model": "chassis management module 2pet10e",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "workcentre 3025ni",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "3.50.01.10"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.6"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.51"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.5"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.180"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1.1"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571480"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.16"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.17"
},
{
"model": "java sdk sr16-fp9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.5"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "chassis management module 2pet10p",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.7"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.0.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "chassis management module 2peo12r",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.2.3"
},
{
"model": "control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "java sdk 6r1 sr8-fp2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "netezza platform software 7.1.0.4-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.1"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6.1"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.3"
},
{
"model": "bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0.1"
},
{
"model": "tivoli storage manager client management services",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.200"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "32253.50.01.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.5"
},
{
"model": "java sdk sr16",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "bbm meetings for blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "100"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "bcaaa",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.5"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "java sdk sr16-fp10",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.8"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "sterling control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.10"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.7"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "tivoli workload scheduler for applications fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "link for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.2.1.31"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.13"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "hp-ux b.11.31 (11i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v3)"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.1"
},
{
"model": "chassis management module 2pet12r",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "chassis management module 2pet10b",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "java sdk sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "chassis management module 2peo12o",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ctpos 7.0r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.038"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.3"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.31"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.3"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.365"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "java sdk sr16-fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.411"
},
{
"model": "java sdk sr12",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "tape subsystems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.018"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73210"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.2"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.019"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.15"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.11"
},
{
"model": "project openssl 0.9.8zd",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.51"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.01"
},
{
"model": "flashsystem 9846-ae2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v90000"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "secure work space for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.1.0.150361"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "notes fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.1.1"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "7.0"
},
{
"model": "commoncryptolib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "bes10",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"model": "db2 connect unlimited advanced edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0"
},
{
"model": "vgw",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "upward integration modules hardware management pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.4"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.3"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "jdk update2",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.3"
},
{
"model": "domino fix pack if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.133"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "30203.50.01.10"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.32"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.5.1.1"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "bbm protected on ios",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.13"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "smartcloud entry fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.110"
},
{
"model": "rational build utility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "cms r16.3 r7",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.12"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079470"
},
{
"model": "db2 connect enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.16"
},
{
"model": "infosphere information analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.01"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.032"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "2"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "5.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "tivoli netcool configuration manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "ctpos 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "mq appliance m2000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "jre update2",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "content analysis system",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "jre update15",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.19"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.0.590"
},
{
"model": "java",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.0.600"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux enterprise server sp4 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.50"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "workcentre r1",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "6400061.070.105.25200"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.4"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "db2 connect application server advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "network node manager ispi for ip telephony",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4"
},
{
"model": "gpfs for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "87310"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.5"
},
{
"model": "system m4 hdtype",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.13"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "java sdk sr fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7910"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.5"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.01"
},
{
"model": "aura application server sip core pb5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "websphere mq for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "jdk update33",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.21"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.13"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.045"
},
{
"model": "jre update10",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "websphere real time sr9",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "domino fix pack interim f",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.12"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.52"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "jdk update6",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.37"
},
{
"model": "jre update7",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.01"
},
{
"model": "jdk update10",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "infosphere optim data masking solution",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3.0.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "java sdk sr16-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "link for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.2.0.28"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.9"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73230"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "domino fp if4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "jre update13",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.6"
},
{
"model": "workcentre spar",
"scope": "ne",
"trust": 0.3,
"vendor": "xerox",
"version": "355025.003.33.000"
},
{
"model": "buildforge ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.37"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "netezza platform software 7.1.0.5-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "jdk update21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.18"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "8"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.5"
},
{
"model": "tivoli composite application manager for soa",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "db2 query management facility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x57145"
},
{
"model": "java sdk sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.00"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.60"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35001.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.041"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.6"
},
{
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "app for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "cognos tm1 interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "chassis management module 2pet12h",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "xiv storage system gen3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.2.0"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "bbm protected on ios",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.7.0.32"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "security identity governance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2.200"
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.5"
},
{
"model": "jdk update27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.43"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.24"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.04"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jdk update15",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "network node manager ispi performance for qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.122"
},
{
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.027"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "db2 enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "db2 connect application server advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "content analysis system",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2.3.1"
},
{
"model": "chassis management module 2pet12d",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x571460"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.025"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "work browser for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.1.17483.17"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.05"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.5"
},
{
"model": "rational agent controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.3.3"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.0"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.18"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.4"
},
{
"model": "network node manager ispi performance for metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.250"
},
{
"model": "db2 advanced enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "hp-ux b.11.23 (11i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v2)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.12"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.21"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.4"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.211"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "websphere mq mqipt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.033"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "mq light",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "cognos tm1 fp4",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.12"
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "cms r16.3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.43"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.11"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "bbm protected on android",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "domino interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.03"
},
{
"model": "db2 recovery expert for linux unix and windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "domino fix pack interim f",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.15"
},
{
"model": "mashup center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.7"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "netezza platform software 7.0.2.16-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "jdk update9",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "workflow for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.043"
},
{
"model": "jre update26",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.260"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "7"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.060"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.411"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6.0"
},
{
"model": "db2 recovery expert for linux unix and windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "6.0"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.2"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "java sdk sr14",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.2"
},
{
"model": "link for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.2.1.16"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "10.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.5"
},
{
"model": "linux enterprise server sp2 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "tivoli network performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"model": "network node manager ispi for ip multicast qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "domino fp if3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.24"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.10"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "jre update4",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.2"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"model": "cognos tm1 fp if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.238"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.036"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "db2 connect unlimited edition for system i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.11"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "bcaaa",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.1"
},
{
"model": "work connect for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.0.17483.21"
},
{
"model": "jdk update24",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.051"
},
{
"model": "upward integration modules hardware management pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "5"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "domino if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.06"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.29"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.9"
},
{
"model": "one-x client enablement services sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "content analysis system",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "jre update5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.50"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "blend for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.195"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.034"
},
{
"model": "java sdk sr16",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.1"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.5.0.2"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "xiv storage system gen3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "work space manager for bes10/bes12 24755 137",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "operations analytics predictive insights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"model": "infosphere global name management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "network node manager ispi performance for qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4"
},
{
"model": "hp-ux b.11.11 (11i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v1)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "jdk update28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.280"
},
{
"model": "domino fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "secure work space for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.1.0.150360"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.6"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.038"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.4"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073800"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.11"
},
{
"model": "jdk update7",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.9"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.00"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.04"
},
{
"model": "network node manager ispi performance for metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "phaser",
"scope": "ne",
"trust": 0.3,
"vendor": "xerox",
"version": "36001.70.03.06"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jre update11",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "infosphere master data management patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.4"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.5"
},
{
"model": "network node manager ispi performance for qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "system idataplex dx360 m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63910"
},
{
"model": "infosphere master data management server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "aura utility services sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.6"
},
{
"model": "jre update27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jre update17",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jdk update27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.270"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.32"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.303"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.56"
},
{
"model": "chassis management module 2pet10h",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.12"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"model": "network node manager ispi performance for metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.12"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"model": "blend for blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "100"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.013"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.21"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "java sdk 6r1 sr8-fp4",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "infosphere master data management provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.3"
},
{
"model": "norman shark industrial control system protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.4"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "32153.50.01.10"
},
{
"model": "websphere appliance management center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.11"
},
{
"model": "jdk update31",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.11"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "3.6"
},
{
"model": "flashsystem 9846-ac2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v90000"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "chassis management module 2pet12i",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.1"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.366"
},
{
"model": "jdk update13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "chassis management module 2pet10m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "tivoli system automation for integrated operations management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.4"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.032"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.45"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "websphere mq",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jdk update19",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "chassis management module 2pete5o",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem 9848-ac2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v90007.5.1.0"
},
{
"model": "communications session border controller scz7.2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.21"
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.5.0.2"
},
{
"model": "src series",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.8"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "buildforge ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.66"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079440"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.32"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "websphere real time sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "jdk update30",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.300"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x571430"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.07"
},
{
"model": "bbm on blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "100"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.051"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "bes12 client",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0.0.70"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "ctp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.14"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.37"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.045"
},
{
"model": "work space manager for bes10/bes12 24144 68",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "java sdk sr16-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.14"
},
{
"model": "sametime community server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.303"
},
{
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "content collector for sap applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.024"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.20"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.2"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.23"
},
{
"model": "enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2.2"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"model": "tivoli workload scheduler distributed fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "flashsystem 9848-ae2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v90000"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.038"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "chassis management module 2pet12f",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.10"
},
{
"model": "nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.040"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.10"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "bbm protected on android",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.7.0.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.0"
},
{
"model": "work space manager for bes10/bes12 25374 241",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pulse secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.041"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.029"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "java sdk r1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "java sdk 7r1 sr2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "network node manager ispi for ip multicast qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.9"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.6"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363073770"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "aura conferencing sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "linux enterprise module for legacy software",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "project openssl 1.0.0h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.21"
},
{
"model": "flashsystem 9846-ae2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v90007.5.1.0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.010"
},
{
"model": "tivoli netcool configuration manager if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.6003"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.027"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.022"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "aura system manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "sterling connect:direct browser ifix10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5.3"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "cognos insight standard edition fp if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.124"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational agent controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "sterling control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "java sdk sr16-fp8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054540"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "jdk update17",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "ctpos 6.6r5",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.13"
},
{
"model": "websphere real time sr fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3810"
},
{
"model": "domino if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.07"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "workcentre 3025bi",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "3.50.01.10"
},
{
"model": "sterling connect:direct browser ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.212"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.033"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "jre 1.6.0 31",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "java sdk sr9",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "jdk update20",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "db2 query management facility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "bbm on ios",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.302"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.3"
},
{
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.10"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "network node manager ispi performance for qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "blend for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "rational build utility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "chassis management module 2peo12i",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.4"
},
{
"model": "notes fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.0"
},
{
"model": "lotus quickr for websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.060"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "chassis management module 2pet10c",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "chassis management module 2pet10f",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tivoli network performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3"
},
{
"model": "sterling control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.34"
},
{
"model": "jdk update21",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.10"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "java sdk sr13-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355042540"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "network node manager ispi performance for metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.029"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.6"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.5"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "one-x client enablement services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.7"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5.2"
},
{
"model": "blend for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.10"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.06"
},
{
"model": "tivoli monitoring fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.5"
},
{
"model": "websphere process server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "30523.50.01.11"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "work space manager for bes10/bes12 24651 124",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.3"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.28"
},
{
"model": "xiv storage system gen3 a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.030"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "java sdk sr13",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.209"
},
{
"model": "jre 1.5.0 09-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.41"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.0.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "enterprise linux server eus 6.6.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.0.4"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.051"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "db2 connect application server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bbm on windows phone",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.0.0.25"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.42"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "jre update30",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.300"
},
{
"model": "java sdk 7r1 sr1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.10"
},
{
"model": "link for mac os (build",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.0.16)"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.13"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.034"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere application server community edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.4"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jre update5",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "tivoli system automation for integrated operations management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "pureapplication system",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "app for stream",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "rational sap connector",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.8"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.035"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.6"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "jdk update11",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "java sdk sr3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.42"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.3"
},
{
"model": "work space manager for bes10/bes12 23853 47",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "java",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.480"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.026"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.2"
},
{
"model": "work space manager for bes10/bes12 25616 10",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "operations analytics predictive insights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.33"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.20"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.2"
},
{
"model": "workcentre spar",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "35500"
},
{
"model": "os image for aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.0"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"model": "tivoli monitoring fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.24"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.18"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "aura conferencing sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365042550"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4.0.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2"
},
{
"model": "java sdk sr1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.040"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.11"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.012"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.3"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.10"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.3"
},
{
"model": "db2 advanced workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "bbm meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "cms r17 r4",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.9"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.065"
},
{
"model": "cognos insight standard edition fp if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.214"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.11"
},
{
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.200"
},
{
"model": "network node manager ispi for ip telephony",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.305"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.5"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.10"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.5.03.00"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.45"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.4"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.037"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli storage manager client management services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "bbm meetings for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.7"
},
{
"model": "sametime community server limited use",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "jdk update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.220"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.12"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571470"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.31"
},
{
"model": "content collector for sap applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "db2 developer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.0.10"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.8"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365041990"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.1.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.11"
},
{
"model": "network node manager ispi for net",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.2"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "87340"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.041"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "domino fix pack interim f",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.24"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.12"
},
{
"model": "secure work space for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.1.0.150359"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.015"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.180"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.045"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.16"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.22"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "db2 enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "ringmaster appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.47"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "domino interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.06"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.15"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.051"
},
{
"model": "java sdk sr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "java sdk sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "websphere real time sr7 fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "bbm meetings for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"model": "bes",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "50"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "jre update28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.11"
},
{
"model": "upward integration modules integrated installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "jdk update13",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "work space manager for bes10/bes12 24998 176",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"model": "mint",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.1"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "3"
},
{
"model": "sterling control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.0.1"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.2"
},
{
"model": "link for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.0.1.12"
},
{
"model": "jdk update4",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.024"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jdk update23",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.045"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.03"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.5"
},
{
"model": "java sdk 7r1 sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571490"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3.6"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jre 1.6.0 33",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "aura application server sip core pb3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.038"
},
{
"model": "db2 purescale feature",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.040"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "network node manager ispi performance for traffic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.029"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network node manager ispi for mpls vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "chassis management module 2pete6l",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"model": "integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.00"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.12"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.1.1154"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "java",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.85"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "chassis management module 2peo12p",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.16"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jboss enterprise application platform",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.05"
},
{
"model": "bes12 client",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0.0.74"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.023"
},
{
"model": "jre update6",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.41"
},
{
"model": "lotus widget factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "network node manager ispi for ip telephony",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "aura conferencing sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.470"
},
{
"model": "java sdk sr16-fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.13"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.022"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.3"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.11"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.09"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.021"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.5"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.11"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "4"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "bbm meetings for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "java sdk 6r1 sr8-fp3",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "websphere real time sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.1"
},
{
"model": "domino fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network node manager ispi for ip telephony",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "jdk update5",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1.0.9"
},
{
"model": "websphere real time sr8 fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "rational agent controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.06"
},
{
"model": "flashsystem 9846-ac2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v90007.5.1.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.07"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.11"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "network node manager ispi for net",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "sterling connect:direct browser ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.213"
},
{
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.12"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2.3"
},
{
"model": "phaser 3300mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "20.105.52.000"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.6"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.2"
},
{
"model": "os image for red hat",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.4"
},
{
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4.0.5"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.160"
},
{
"model": "jre update28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.280"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.51"
},
{
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "blend for android",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.2.0"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.4"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x571910"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.017"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.32"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "network node manager ispi for net",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"model": "chassis management module 2pet10i",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.16"
},
{
"model": "jre update33",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.12"
},
{
"model": "bes12 client",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0.0.69"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.4"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "link for mac os (build",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.1.135)"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.27"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x571450"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "java sdk sr11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "java sdk sr15",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "aura conferencing sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "jdk update18",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"model": "mashup center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.8"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.5"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.6"
},
{
"model": "domino fix pack if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.367"
},
{
"model": "jre update1",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.18"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.12"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.20"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "aura messaging sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.1"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.031"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "db2 connect unlimited advanced edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.030"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.4"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.019"
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "jre 1.6.0 37",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "6"
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bbm on android",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.7.0.6"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "netezza platform software 7.0.4.7-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "network node manager ispi performance for traffic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.19"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.7"
},
{
"model": "project openssl 0.9.8u",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "network node manager ispi for mpls vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "link for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.2.3.48"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "flashsystem 9848-ae2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v90007.5.1.0"
},
{
"model": "communications session border controller scz7.4.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.410"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "32603.50.01.11"
},
{
"model": "bbm protected on blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "db2 connect enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.16"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "36000"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "cms r16.3 r6",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "app for netapp data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "notes fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.13"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "infosphere master data management server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.0"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.035"
},
{
"model": "network node manager ispi performance for traffic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.51"
},
{
"model": "network node manager ispi for mpls vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.039"
},
{
"model": "websphere process server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "1"
},
{
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "java sdk sr8-fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.13"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.12"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.026"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.4"
},
{
"model": "alienvault",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15.1"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.12"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "jre update6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.60"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"model": "java sdk sr4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "netezza platform software 7.0.2.15-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.055"
},
{
"model": "chassis management module 2pet12k",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.13"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.014"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079450"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.4"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "aura communication manager ssp04",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.040"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.011"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.5"
},
{
"model": "jdk update14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "chassis management module 2pet10d",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "7.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.3"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.039"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "chassis management module 2pet10k",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "upward integration modules integrated installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "idataplex dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79790"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "jdk update1",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.61"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "malware analysis appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.06"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.44"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere real time sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5.0"
},
{
"model": "norman shark scada protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.2"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "websphere mq for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v6"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.1"
},
{
"model": "websphere real time sr4-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.5"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.6"
},
{
"model": "chassis management module 2pet10g",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jre update21",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.11"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"model": "bbm on windows phone",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.0.0.24"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.11"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.08"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.037"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.7"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.45"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "chassis management module 2pet12p",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.8"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.6"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.3"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.205"
},
{
"model": "jre update32",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.320"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.170"
},
{
"model": "chassis management module 2pet12o",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.18"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "norman shark network protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.041"
},
{
"model": "java sdk sr16-fp4",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"model": "work space manager for bes10/bes12 23819 44",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.12"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "sterling connect:direct browser ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.11.04"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.19"
},
{
"model": "storediq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "sametime community server hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "as infinity",
"scope": "ne",
"trust": 0.3,
"vendor": "pexip",
"version": "8.1"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.11"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "jre update25",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "netezza platform software 7.0.4.8-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.10"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12.1"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.010"
},
{
"model": "network node manager ispi for ip multicast qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.5.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "tririga for energy optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571430"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "network node manager ispi for net",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.17"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.141"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.12"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.2"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.045"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63800"
},
{
"model": "java",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.205"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "content collector for sap applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "ctpview 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4.0.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.5.0.2"
},
{
"model": "smartcloud entry fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.19"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8"
},
{
"model": "domino fix pack interim f",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6.1.3"
},
{
"model": "jdk update16",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.123"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.1"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "jdk update26",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079460"
},
{
"model": "idataplex dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "chassis management module 2pet12e",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.153"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.213"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.110"
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.020"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571920"
},
{
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.6"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.023"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.15"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "java sdk sr16-fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.33"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "db2 connect unlimited edition for system i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.2"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.14"
},
{
"model": "db2 connect unlimited edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.05"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "domino fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.35"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "bbm on ios",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.7.0.32"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.12"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.13"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.0.1052"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.2"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "jdk update29",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.180"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "jre update9",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.13"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "bbm protected on blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "100"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4.0.5"
},
{
"model": "chassis management module 2pet10q",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "websphere real time sr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "39"
},
{
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.3"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "db2 connect application server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "network node manager ispi performance for traffic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.09"
},
{
"model": "network node manager ispi for mpls vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "java sdk sr8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.75"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "java sdk sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "tivoli workload scheduler for applications fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "java sdk sr4-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.6"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.34"
},
{
"model": "chassis management module 2peo12e",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.12"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jre update9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.90"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "java sdk 7r1 sr2-fp10",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.4"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.00"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.152"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.10"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "cognos insight standard edition fp",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.24"
},
{
"model": "java sdk sr13-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.14"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.016"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "aura application server sip core sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.0"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "java sdk 6r1 sr8",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mq light",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "cms r16",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "universal device service",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.031"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.18"
},
{
"model": "xiv storage system gen2 10.2.4.e-6",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.35"
},
{
"model": "db2 connect unlimited edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.242"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.2"
},
{
"model": "network node manager ispi for ip multicast qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.5"
},
{
"model": "chassis management module 2pet10a",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "domino fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.13"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.12"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350078390"
},
{
"model": "jdk update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "jdk update15",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "db2 workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "jre update4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.40"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.0.1418"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.33"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.34"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.12"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:nec:capssuite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:csview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:enterprise_directoryserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:enterpriseidentitymanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:express5800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:infocage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_sr100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:istorage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:secureware_pki_application_development_kit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_sip_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karthikeyan Bhargavan of the PROSECCO team at INRIA",
"sources": [
{
"db": "BID",
"id": "71936"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-0204",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-001672",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0204",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-001672",
"trust": 0.8,
"value": "High"
},
{
"author": "VULMON",
"id": "CVE-2015-0204",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is\" FREAK It is also called \u201cattack\u201d. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027) https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n\nThe RC4 stream cipher vulnerability in SSL/TLS known as \"Bar Mitzvah\" could\nbe exploited remotely to allow disclosure of information. \nThe TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman\nkey exchange known as \"Logjam\" could be exploited remotely to allow\nunauthorized modification. \nThe SSLv3 vulnerability using US export-grade RSA encryption known as FREAK\ncould be exploited remotely to allow unauthorized\n\nReferences:\n\nCVE-2015-4000 (aka LogJam, SSRT102095)\nCVE-2015-2808 (aka Bar Mitzvah)\nCVE-2015-0204 (aka Freak)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP Network Node Manager i version v9.0x. v9.1x, v9.2x, v10.0x\nHP Network Node Manager iSPI Performance for QA v9.0x, v9.1x, v9.2x, v10.0x\nHP Network Node Manager iSPI for IP Multicast QA v9.0x, v9.1x, v9.2x, v10.0x\nHP Network Node Manager iSPI for MPLS VPN v9.0x, v9.1x, v9.2x, v10.0x\nHP Network Node Manager iSPI for IP Telephony v9.0x, v9.1x, v9.2x, v10.0x\nHP Network Node Manager iSPI for NET v9.0x, v9.1x, v9.2x, v10.0x\nHP Network Node Manager iSPI Performance for Metrics v9.0x, v9.1x, v9.2x,\nv10.0x\nHP Network Node Manager iSPI Performance for Traffic v9.0x, v9.1x, v9.2x,\nv10.0x\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-4000 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates for HP Network Node Manager i and Smart\nPlugins (iSPIs)\n\nHP Network Node Manager i and Smart Plugins (iSPIs) Version\n Link to update for CVE-2015-4000 (LogJam)\n\nHP Network Node Manager i version v9.1x, v9.2x\niSPI Performance for QA\niSPI for IP Multicast\niSPI for MPLS VPN\niSPI for IP Telephony\n\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01704653\n\nHP Network Node Manager iSPI for Metrics v9.1x, v9.2x\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01740484\n\nHP Network Node Manager iSPI for Traffic v9.1x, v9.2x\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01740489\n\nNote: v10.x is not affected by LogJam\n\nHP Network Node Manager i and Smart Plugins (iSPIs) Version\n Link to update for CVE-2015-2808 (Bar Mitzvah)\n\nHP Network Node Manager i version v9.1x, v9.2x, v10.x\niSPI Performance for QA\niSPI for IP Multicast\niSPI for MPLS VPN\niSPI for IP Telephony\n\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01704651\n\nHP Network Node Manager iSPI for Metrics v9.1x, v9.2x, v10.0x\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01740486\n\nHP Network Node Manager iSPI for Traffic v9.1x, v9.2x, v10.0x\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01740487\n\nHP Network Node Manager i and Smart Plugins (iSPIs) Version\n Link to update for CVE-2015-0204 (Freak)\n\nHP Network Node Manager i version v9.x, v10.x\niSPI Performance for QA\niSPI for IP Multicast\niSPI for MPLS VPN\niSPI for IP Telephony\n\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01704633https://softwaresupport.hp.com/group/softwaresupport/\nsearch-result/-/facetsearch/document/KM01704633\n\nHP Network Node Manager iSPI for Metrics v9.1x, v9.2x\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01740481\n\nHP Network Node Manager iSPI for Traffic v9.1x, v9.2x\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/KM01740488\n\nNote: v10.x is not affected by FREAK\n\nHISTORY\nVersion:1 (rev.1) - 20 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.1l-r1 *\u003e= 0.9.8z_p5-r1\n \u003e= 1.0.1l-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers and the upstream advisory referenced below for details:\n\n* RSA silently downgrades to EXPORT_RSA [Client] (Reclassified)\n (CVE-2015-0204)\n* Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n* ASN.1 structure reuse memory corruption (CVE-2015-0287)\n* X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n* PKCS7 NULL pointer dereferences (CVE-2015-0289)\n* Base64 decode (CVE-2015-0292)\n* DoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n* Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n\nThe following issues affect OpenSSL 1.0.2 only which is not part of the\nsupported Gentoo stable tree:\n\n* OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n* Multiblock corrupted pointer (CVE-2015-0290)\n* Segmentation fault in DTLSv1_listen (CVE-2015-0207)\n* Segmentation fault for invalid PSS parameters (CVE-2015-0208)\n* Empty CKE with client auth and DHE (CVE-2015-1787)\n* Handshake with unseeded PRNG (CVE-2015-0285)\n\nImpact\n======\n\nA remote attacker can utilize multiple vectors to cause Denial of\nService or Information Disclosure. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \nTools such as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2015-0204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204\n[ 2 ] CVE-2015-0207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207\n[ 3 ] CVE-2015-0208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208\n[ 4 ] CVE-2015-0209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209\n[ 5 ] CVE-2015-0285\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285\n[ 6 ] CVE-2015-0287\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287\n[ 7 ] CVE-2015-0288\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288\n[ 8 ] CVE-2015-0289\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289\n[ 9 ] CVE-2015-0290\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290\n[ 10 ] CVE-2015-0291\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291\n[ 11 ] CVE-2015-0292\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292\n[ 12 ] CVE-2015-0293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293\n[ 13 ] CVE-2015-1787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787\n[ 14 ] OpenSSL Security Advisory [19 Mar 2015]\n http://openssl.org/news/secadv_20150319.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201503-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL\u0027s\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia K\u00e4sper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia K\u00e4sper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. This was addressed in previous versions of OpenSSL but has not been\nincluded in any security advisory until now. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. \n\nThe fix for this issue can be identified by commits d0666f289a (1.0.1),\n84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia K\u00e4sper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia K\u00e4sper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nIt was found that a prior countermeasure in Apache WSS4J for\nBleichenbacher\u0027s attack on XML Encryption (CVE-2011-2487) threw an\nexception that permitted an attacker to determine the failure of the\nattempted attack, thereby leaving WSS4J vulnerable to the attack. \nThe original flaw allowed a remote attacker to recover the entire plain\ntext form of a symmetric key. A remote attacker could use this flaw to\nlog to a victim\u0027s account via PicketLink. (CVE-2015-0277)\n\nIt was discovered that a JkUnmount rule for a subtree of a previous JkMount\nrule could be ignored. This could allow a remote attacker to potentially\naccess a private artifact in a tree that would otherwise not be accessible\nto them. (CVE-2015-0204)\n\nIt was found that Apache WSS4J permitted bypass of the\nrequireSignedEncryptedDataElements configuration property via XML Signature\nwrapping attacks. A remote attacker could use this flaw to modify the\ncontents of a signed request. (CVE-2014-3570)\n\nIt was found that the Command Line Interface, as provided by Red Hat\nEnterprise Application Platform, created a history file named\n.jboss-cli-history in the user\u0027s home directory with insecure default file\npermissions. This could allow a malicious local user to gain information\notherwise not accessible to them. \n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. Documentation for these changes will be available\nshortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes,\nlinked to in the References. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3 as provided\nfrom the Red Hat Customer Portal are advised to apply this update. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0800-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0800.html\nIssue date: 2015-04-13\nCVE Names: CVE-2014-8275 CVE-2015-0204 CVE-2015-0287 \n CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 \n CVE-2015-0293 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. (CVE-2015-0204)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because\nthe data being transferred is not Base64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had both\nthe SSLv2 protocol and EXPORT-grade cipher suites enabled. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused certain\nASN.1 structures. A specially crafted X.509 certificate could cause\nan application using OpenSSL to crash if the application attempted to\nconvert the certificate to a certificate request. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting \nCVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and \nCVE-2015-0293. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl-0.9.8e-33.el5_11.src.rpm\n\ni386:\nopenssl-0.9.8e-33.el5_11.i386.rpm\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-perl-0.9.8e-33.el5_11.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-perl-0.9.8e-33.el5_11.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nopenssl-0.9.8e-33.el5_11.src.rpm\n\ni386:\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-devel-0.9.8e-33.el5_11.i386.rpm\n\nx86_64:\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-devel-0.9.8e-33.el5_11.i386.rpm\nopenssl-devel-0.9.8e-33.el5_11.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nopenssl-0.9.8e-33.el5_11.src.rpm\n\ni386:\nopenssl-0.9.8e-33.el5_11.i386.rpm\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-devel-0.9.8e-33.el5_11.i386.rpm\nopenssl-perl-0.9.8e-33.el5_11.i386.rpm\n\nia64:\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-0.9.8e-33.el5_11.ia64.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.ia64.rpm\nopenssl-devel-0.9.8e-33.el5_11.ia64.rpm\nopenssl-perl-0.9.8e-33.el5_11.ia64.rpm\n\nppc:\nopenssl-0.9.8e-33.el5_11.ppc.rpm\nopenssl-0.9.8e-33.el5_11.ppc64.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.ppc.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.ppc64.rpm\nopenssl-devel-0.9.8e-33.el5_11.ppc.rpm\nopenssl-devel-0.9.8e-33.el5_11.ppc64.rpm\nopenssl-perl-0.9.8e-33.el5_11.ppc.rpm\n\ns390x:\nopenssl-0.9.8e-33.el5_11.s390.rpm\nopenssl-0.9.8e-33.el5_11.s390x.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.s390.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.s390x.rpm\nopenssl-devel-0.9.8e-33.el5_11.s390.rpm\nopenssl-devel-0.9.8e-33.el5_11.s390x.rpm\nopenssl-perl-0.9.8e-33.el5_11.s390x.rpm\n\nx86_64:\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-devel-0.9.8e-33.el5_11.i386.rpm\nopenssl-devel-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-perl-0.9.8e-33.el5_11.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0287\nhttps://access.redhat.com/security/cve/CVE-2015-0288\nhttps://access.redhat.com/security/cve/CVE-2015-0289\nhttps://access.redhat.com/security/cve/CVE-2015-0292\nhttps://access.redhat.com/security/cve/CVE-2015-0293\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt \nhttps://www.openssl.org/news/secadv_20150319.txt\nhttps://access.redhat.com/articles/1384453\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVK6+gXlSAg2UNWIIRAoSlAJ0UGwyEUVUDOKBoGDKJRsDtDdmxSwCgvH9a\nM4Bxjq//ZXaJCcyFFc1l5A4=\n=rctB\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n - HP SSL for OpenVMS website:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n - HP Support Center website:\n\n https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n Note: Login using your HP Passport account. SAP \u003chttp://www.sap.com/\u003ehas released the monthly critical patch update \nfor June 2015. This patch update closes a lot of vulnerabilities in SAP \nproducts. The most popular vulnerability is Missing Authorization Check. \nThis month, three critical vulnerabilities found by ERPScan researchers \nVahagn Vardanyan, Rustem Gazizov, and Diana Grigorieva were closed. \n\n*Issues that were patched with the help of ERPScan*\n\nBelow are the details of SAP vulnerabilities that were found byERPScan \n\u003chttp://www.erpscan.com/\u003eresearchers. \n\n * An XML eXternal Entity vulnerability in SAP Mobile Platform\n on-premise (CVSS Base Score:5.5).Updateis available in SAP Security\n Note2159601 \u003chttps://service.sap.com/sap/support/notes/2159601\u003e. An\n attacker can use XML eXternal Entities to send specially crafted\n unauthorized XML requests, which will be processed by the XML\n parser. The attacker will get unauthorized access to the OS file system. \n * A Hardcoded Credentials vulnerability in SAP Cross-System Tools\n (CVSS Base Score:3.6).Updateis available in SAP Security Note2059659\n \u003chttps://service.sap.com/sap/support/notes/2059659\u003e. In addition, it is likely that the\n code will be implemented as a backdoor into the system. \n * A Hardcoded Credentials vulnerability in SAP Data Transfer Workbench\n (CVSS Base Score:2.1).Updateis available in SAP Security Note2057982\n \u003chttps://service.sap.com/sap/support/notes/2057982\u003e. In addition, it is likely that the\n code will be implemented as a backdoor into the system. \n\n\n*The most critical issues found by other researchers*\n\nSome of our readers and clients asked us to categorize the most critical \nSAP vulnerabilities to patch them first. Companies providing SAP \nSecurity Audit, SAP Security Assessment, or SAP Penetration Testing \nservices can include these vulnerabilities in their checklists. The most \ncritical vulnerabilities of this update can be patched by the following \nSAP Security Notes:\n\n * 2151237 \u003chttps://service.sap.com/sap/support/notes/2151237\u003e: SAP GUI\n for Windows has a Buffer Overflow vulnerability (CVSS Base\n Score:9.3). An attacker can use Buffer Overflow for injecting\n specially crafted code into working memory, which will be executed\n by the vulnerable application under the privileges of that\n application. In case of command execution,attackercan obtain\n critical technical and business-related information stored in the\n vulnerable SAP-system or escalate their own privileges. For this time, nobody will be able to use this service,\n which negatively influences business processes, system downtime,\n and, consequently, business reputation. It is recommended to install\n this SAP Security Note to prevent risks. \n * 2129609 \u003chttps://service.sap.com/sap/support/notes/2129609\u003e: SAP EP\n JDBC Connector has an SQL Injection vulnerability (CVSS Base\n Score:6.5). An attacker can use SQL Injections with the help of\n specially crafted SQL queries. They can read and modify sensitive\n information from a database, execute administrative operations in a\n database, destroy data or make it unavailable. In some cases, an\n attacker can access system data or execute OS commands. It is\n recommended to install this SAP Security Note to prevent risks. \n * 1997734 \u003chttps://service.sap.com/sap/support/notes/1997734\u003e: SAP RFC\n runtime has a Missing AuthorizationXheckvulnerability (CVSS Base\n Score:6.0). An attacker can use Missing Authorization Checks to\n access a service without any authorization procedures and use\n service functionality that has restricted access. It\n is recommended to install this SAP Security Note to prevent risks. \n * 2163306 \u003chttps://service.sap.com/sap/support/notes/2163306\u003e: SAP\n CommonCryptoLib and SAPCRYPTOLIB are vulnerable to FREAK\n (CVE-2015-0204, CVSS Base Score:5.0). It allows an attacker to\n intercept HTTPS connections between vulnerable clients and servers\n and force them to use weakened encryption, which the attacker can\n break to steal or manipulate sensitive data. All the attacks on this\n page assume a network adversary (i.e. a man-in-the-middle) to tamper\n with TLS handshake messages. The typical scenario to mount such\n attacks is by tampering with the Domain Name System (DNS), for\n example via DNS rebinding or domain name seizure. This attack\n targets a class of deliberately weak export cipher suites. It is\n recommended to install this SAP Security Note to prevent risks. \n\n\n*References about the FREAK vulnerability:*\n\n * SMACK: State Machine AttaCKs \u003chttps://www.smacktls.com/\u003e\n * Tracking the FREAK Attack \u003chttps://freakattack.com/\u003e\n * CVE-2015-0204\n \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\u003e\n\n\nIt is highly recommended to patch all those SAP vulnerabilities to \nprevent business risks affecting your SAP systems. \n\nSAP has traditionally thanked the security researchers from ERPScan for \nfound vulnerabilities on theiracknowledgment page \n\u003chttp://scn.sap.com/docs/DOC-8218\u003e. \n\nAdvisories for those SAP vulnerabilities with technical details will be \navailable in 3 months onerpscan.com \u003chttp://www.erpscan.com/\u003e. \n\n-- \n\nDarya Maenkova\n\nPR manager\n\n\u003chttps://www.linkedin.com/company/2217474?trk=ppro_cprof\u003e \n\u003chttps://twitter.com/erpscan\u003e\n\n\u003chttp://erpscan.com/\u003e\n\n------------------------------------------------------------------------\n\ne-mail: d.maenkova@erpscan.com \u003cmailto:d.maenkova@erpscan.com\u003e\n\naddress: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\n\nphone: 650.798.5255\n\nerpscan.com \u003chttp://erpscan.com\u003e\n\n. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. This\neffectively removes forward secrecy from the ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nRelease Date: 2015-02-25\nLast Updated: 2015-02-25\n\nPotential Security Impact: Remote Denial of Service (DoS) and other\nvulnerabilites\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8ze\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 25 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0204"
},
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "PACKETSTORM",
"id": "131045"
},
{
"db": "PACKETSTORM",
"id": "133274"
},
{
"db": "PACKETSTORM",
"id": "130916"
},
{
"db": "PACKETSTORM",
"id": "130933"
},
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "131387"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "132268"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130545"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0204",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#243585",
"trust": 1.6
},
{
"db": "BID",
"id": "71936",
"trust": 1.4
},
{
"db": "JUNIPER",
"id": "JSA10679",
"trust": 1.4
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10110",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU99125992",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2015-0204",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131045",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133274",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130916",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130933",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131471",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131387",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131408",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132268",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129867",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130545",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "PACKETSTORM",
"id": "131045"
},
{
"db": "PACKETSTORM",
"id": "133274"
},
{
"db": "PACKETSTORM",
"id": "130916"
},
{
"db": "PACKETSTORM",
"id": "130933"
},
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "131387"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "132268"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"id": "VAR-201501-0338",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.48673216
},
"last_update_date": "2024-09-19T20:53:35.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/JVNVU99125992/522154/index.html"
},
{
"title": "NV15-016",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-016.html"
},
{
"title": "[08 Jan 2015]",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"title": "3046015",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/3046015"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150066 - Security Advisory"
},
{
"title": "Cisco: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=Cisco-SA-20150113-CVE-2015-0204"
},
{
"title": "Red Hat: CVE-2015-0204",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-0204"
},
{
"title": "Symantec Security Advisories: SA91 : FREAK Attack",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=fb8c9ab0a61ac1def90eef5ef6757895"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2459-1"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
},
{
"title": "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=e17c368f43499efc420edc223af663db"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f"
},
{
"title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-04"
},
{
"title": "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=d9c34d2680d213e5c9dae973a42328f1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "FreakVulnChecker",
"trust": 0.1,
"url": "https://github.com/felmoltor/FreakVulnChecker "
},
{
"title": "Freak-Scanner",
"trust": 0.1,
"url": "https://github.com/scottjpack/Freak-Scanner "
},
{
"title": "FREAK-Attack-CVE-2015-0204-Testing-Script",
"trust": 0.1,
"url": "https://github.com/AbhishekGhosh/FREAK-Attack-CVE-2015-0204-Testing-Script "
},
{
"title": "stuff",
"trust": 0.1,
"url": "https://github.com/thekondrashov/stuff "
},
{
"title": "non-controlflow-hijacking-datasets",
"trust": 0.1,
"url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets "
},
{
"title": "scz_doc_copy",
"trust": 0.1,
"url": "https://github.com/TopCaver/scz_doc_copy "
},
{
"title": "checks",
"trust": 0.1,
"url": "https://github.com/cryptflow/checks "
},
{
"title": "tls",
"trust": 0.1,
"url": "https://github.com/greyleonie/tls "
},
{
"title": "JPN_RIC13351-2",
"trust": 0.1,
"url": "https://github.com/neominds/JPN_RIC13351-2 "
},
{
"title": "script_a2sv",
"trust": 0.1,
"url": "https://github.com/F4RM0X/script_a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/hahwul/a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/84KaliPleXon3/a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/TheRipperJhon/a2sv "
},
{
"title": "sslscanner",
"trust": 0.1,
"url": "https://github.com/fireorb/sslscanner "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/H4CK3RT3CH/a2sv "
},
{
"title": "HTTPSScan",
"trust": 0.1,
"url": "https://github.com/alexoslabs/HTTPSScan "
},
{
"title": "A2SV--SSL-VUL-Scan",
"trust": 0.1,
"url": "https://github.com/nyctophile6/A2SV--SSL-VUL-Scan "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/07/06/awoogah_get_ready_to_patch_severe_bug_in_openssl_this_thursday/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/03/13/cisco_freaks_out_starts_epic_openssl_bugsplat/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/03/03/government_crippleware_freaks_out_tlsssl/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.6,
"url": "https://www.smacktls.com/#freak"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
},
{
"trust": 1.4,
"url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.3,
"url": "https://www.openssl.org/news/secadv_20150319.txt"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71936"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://support.novell.com/security/cve/cve-2015-0204.html"
},
{
"trust": 1.1,
"url": "https://freakattack.com/"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa91"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.8,
"url": "http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/757.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc4346#appendix-f.1.1.2"
},
{
"trust": 0.8,
"url": "https://technet.microsoft.com/library/security/3046015.aspx"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99125992/index.html"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/243585"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-0204"
},
{
"trust": 0.3,
"url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanv8#announce1"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/160"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101011689"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04773241"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022548"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022550"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005334"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902260"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903805"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960151"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960634"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963126"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21963526"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21964496"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21964610"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21964625"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964730"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966177"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
},
{
"trust": 0.3,
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960515"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/32cfd-51ec67c0f86df/cert_security_mini-_bulletin_xrx15ah_for_p3600_v1-0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/30b1a-51f527aa71c0f/cert_security_mini-_bulletin_xrx15aj_for_wc3550_v1-0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/38cb3-51fe2768b1a74/cert_security_mini-_bulletin_xrx15ak_for_p3635mfp_v1-0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/3497e-521fff9cafe80/cert_security_mini-_bulletin_xrx15am_for_p30xx_p3260_wc30xx_wc3225_v1-0.pdf"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902444"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902710"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960815"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957999"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959525"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965448"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903747"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964850"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957855"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958902"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959575"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959252"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020751"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101008182"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101011698"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101011712"
},
{
"trust": 0.3,
"url": "https://service.sap.com/sap/support/notes/2163306"
},
{
"trust": 0.3,
"url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903636"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005351"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903396"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967539"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903541"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903029"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965485"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964027"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903651"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958017"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903247"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903256"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903516"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965920"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961223"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903031"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965404"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962552"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958919"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958918"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957919"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962838"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960075"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902765"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902862"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902866"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959306"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903394"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957779"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961493"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005328"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964236"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957995"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902635"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700163"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097912"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699235"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700168"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701354"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700028"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022100"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005158"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanxd"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005370"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960460"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963609"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965940"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967498"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967709"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967962"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968485"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968869"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959002"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2e28e-523433d609b1d/cert_security_mini-_bulletin_xrx15ap_for_wc6400_v1-0.pdf"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.3,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.2,
"url": "http://openssl.org/news/secadv_20150319.txt"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
},
{
"trust": 0.2,
"url": "https://www.openssl.org/about/releasestrat.html),"
},
{
"trust": 0.2,
"url": "https://www.openssl.org/about/secpolicy.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0066"
},
{
"trust": 0.1,
"url": "https://github.com/felmoltor/freakvulnchecker"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37722"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2459-1/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2808"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0293"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0291"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0288"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1787"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0285"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0292"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0277"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0226"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=appplatform\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0226"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/1384453"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0288"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0289"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
},
{
"trust": 0.1,
"url": "https://service.sap.com/sap/support/notes/2057982\u003e."
},
{
"trust": 0.1,
"url": "https://service.sap.com/sap/support/notes/2159601\u003e."
},
{
"trust": 0.1,
"url": "https://www.linkedin.com/company/2217474?trk=ppro_cprof\u003e"
},
{
"trust": 0.1,
"url": "http://erpscan.com\u003e"
},
{
"trust": 0.1,
"url": "http://scn.sap.com/docs/doc-8218\u003e."
},
{
"trust": 0.1,
"url": "https://service.sap.com/sap/support/notes/2129609\u003e:"
},
{
"trust": 0.1,
"url": "https://freakattack.com/\u003e"
},
{
"trust": 0.1,
"url": "https://twitter.com/erpscan\u003e"
},
{
"trust": 0.1,
"url": "http://www.erpscan.com/\u003eresearchers."
},
{
"trust": 0.1,
"url": "https://service.sap.com/sap/support/notes/2151237\u003e:"
},
{
"trust": 0.1,
"url": "https://service.sap.com/sap/support/notes/2163306\u003e:"
},
{
"trust": 0.1,
"url": "http://www.sap.com/\u003ehas"
},
{
"trust": 0.1,
"url": "https://service.sap.com/sap/support/notes/1997734\u003e:"
},
{
"trust": 0.1,
"url": "http://erpscan.com/\u003e"
},
{
"trust": 0.1,
"url": "https://service.sap.com/sap/support/notes/2059659\u003e."
},
{
"trust": 0.1,
"url": "https://www.smacktls.com/\u003e"
},
{
"trust": 0.1,
"url": "http://www.erpscan.com/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
},
{
"trust": 0.1,
"url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "PACKETSTORM",
"id": "131045"
},
{
"db": "PACKETSTORM",
"id": "133274"
},
{
"db": "PACKETSTORM",
"id": "130916"
},
{
"db": "PACKETSTORM",
"id": "130933"
},
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "131387"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "132268"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "PACKETSTORM",
"id": "131045"
},
{
"db": "PACKETSTORM",
"id": "133274"
},
{
"db": "PACKETSTORM",
"id": "130916"
},
{
"db": "PACKETSTORM",
"id": "130933"
},
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "131387"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "132268"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#243585"
},
{
"date": "2015-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71936"
},
{
"date": "2015-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"date": "2015-03-27T20:43:39",
"db": "PACKETSTORM",
"id": "131045"
},
{
"date": "2015-08-24T22:05:27",
"db": "PACKETSTORM",
"id": "133274"
},
{
"date": "2015-03-20T04:45:06",
"db": "PACKETSTORM",
"id": "130916"
},
{
"date": "2015-03-20T05:46:26",
"db": "PACKETSTORM",
"id": "130933"
},
{
"date": "2015-04-17T06:44:37",
"db": "PACKETSTORM",
"id": "131471"
},
{
"date": "2015-04-13T14:03:56",
"db": "PACKETSTORM",
"id": "131387"
},
{
"date": "2015-01-09T17:43:35",
"db": "PACKETSTORM",
"id": "129870"
},
{
"date": "2015-04-14T18:54:44",
"db": "PACKETSTORM",
"id": "131408"
},
{
"date": "2015-06-11T23:51:55",
"db": "PACKETSTORM",
"id": "132268"
},
{
"date": "2015-01-09T02:01:10",
"db": "PACKETSTORM",
"id": "129867"
},
{
"date": "2015-02-26T17:13:09",
"db": "PACKETSTORM",
"id": "130545"
},
{
"date": "2015-01-09T02:59:10.287000",
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-27T00:00:00",
"db": "CERT/CC",
"id": "VU#243585"
},
{
"date": "2018-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"date": "2018-10-08T07:00:00",
"db": "BID",
"id": "71936"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"date": "2018-07-19T01:29:01.700000",
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "132268"
},
{
"db": "PACKETSTORM",
"id": "130545"
}
],
"trust": 0.4
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SSL/TLS implementations accept export-grade RSA keys (FREAK attack)",
"sources": [
{
"db": "CERT/CC",
"id": "VU#243585"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "71936"
}
],
"trust": 0.3
}
}
var-201607-0661
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'IPMI' protocol. The 'IPMI' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5453",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5453",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5453",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5453",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5453",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-817",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94272",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5453",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027IPMI\u0027 protocol. The \u0027IPMI\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5453",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "92014",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94272",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5453",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"id": "VAR-201607-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94272"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:18:48.842000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63177"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/92014"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5453"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5453"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94272"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92014"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"date": "2016-07-21T10:15:09.397000",
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94272"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92014"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"date": "2017-09-01T01:29:29.787000",
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In IPMI Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
}
],
"trust": 0.6
}
}
var-201501-0435
Vulnerability from variot
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. OpenSSL is prone to denial-of-service vulnerability due to a NULL pointer dereference condition. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.
References:
CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0288 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2014-3569
Frank Schmirler reported that the ssl23_get_client_hello function in
OpenSSL does not properly handle attempts to use unsupported
protocols.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc. This
allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks
and trigger a loss of forward secrecy.
CVE-2014-8275
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project
and Konrad Kraszewski of Google reported various certificate
fingerprint issues, which allow remote attackers to defeat a
fingerprint-based certificate-blacklist protection mechanism.
For the upcoming stable distribution (jessie), these problems will be fixed soon. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller
CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld
Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142
LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple
libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.
ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298
OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204
Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple
PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein
SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple
Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146
UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple
WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- . Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2014-3570]
III. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make all the necessary changes.
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04635715
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04635715 Version: 1
HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-04-13 Last Updated: 2015-04-13
Potential Security Impact: Remote Denial of Service (DoS) and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP SSL for OpenVMS.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101934
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS: All versions prior to 1.4-502.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities for HP SSL for OpenVMS.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account.
Search for the appropriate Patch Kit from the following table:
HP SSL for OpenVMS Version Platform/OS Version Patch Kit Name
1.4-502 Alpha OpenVMS V8.3 and V8.4 HP-AXPVMS-SSL-V0104
1.4-502 ITANIUM OpenVMS V8.3, V8.3-1H1, and V8.4 HP-I64VMS-SSL-V0104
HISTORY Version:1 (rev.1) - 13 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. OpenSSL Security Advisory [08 Jan 2015] =======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:
) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0435",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zc"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "bladecenter advanced management module 25r5778",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1948"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "6"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "communications session border controller scz7.4.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli netcool/reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "workflow for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "app for netapp data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9.1"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "7"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "1"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.12"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "communications security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "alienvault",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15.1"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8720"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.13"
},
{
"model": "project openssl 1.0.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8886"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "communications session border controller scz7.3.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "app for stream",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "enterprise communications broker pcz2.0.0m4p5",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "upward integration modules hardware management pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "5"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7967"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8852"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8750"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "cms r17 r4",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1881"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere master data management patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.3"
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "cognos controller if1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.3"
},
{
"model": "as infinity",
"scope": "ne",
"trust": 0.3,
"vendor": "pexip",
"version": "8.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "linux enterprise server for vmware sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7779"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "system m4 hd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "infosphere master data management provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "enterprise session border controller ecz7.3m2p2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "project openssl 0.9.8zd",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "cognos controller interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "upward integration modules hardware management pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "openssh for gpfs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "mint",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "3"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.3"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1.0"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x330073820"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "bladecenter t advanced management module 32r0835",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8734-"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0.2"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8730"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0.3"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7989"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "cognos controller if3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8731-"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"model": "cognos controller fp1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1886"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "app for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8677"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.2"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79190"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli provisioning manager for images system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.0"
},
{
"model": "project openssl 0.9.8u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
}
],
"sources": [
{
"db": "BID",
"id": "71937"
},
{
"db": "NVD",
"id": "CVE-2014-3571"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Markus Stenberg of Cisco Systems, Inc.",
"sources": [
{
"db": "BID",
"id": "71937"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3571",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3571",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3571",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3571",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3571"
},
{
"db": "NVD",
"id": "CVE-2014-3571"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. OpenSSL is prone to denial-of-service vulnerability due to a NULL pointer dereference condition. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. \n\nReferences:\n\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0209\nCVE-2015-0286\nCVE-2015-0288\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2014-3569\n\n Frank Schmirler reported that the ssl23_get_client_hello function in\n OpenSSL does not properly handle attempts to use unsupported\n protocols. \n\nCVE-2014-3571\n\n Markus Stenberg of Cisco Systems, Inc. This\n allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\n and trigger a loss of forward secrecy. \n\nCVE-2014-8275\n\n Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\n and Konrad Kraszewski of Google reported various certificate\n fingerprint issues, which allow remote attackers to defeat a\n fingerprint-based certificate-blacklist protection mechanism. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A process may gain admin privileges without properly\nauthenticating\nDescription: An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Cookies belonging to one origin may be sent to another\norigin\nDescription: A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Authentication credentials may be sent to a server on\nanother origin\nDescription: A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A NULL pointer dereference existed in NVIDIA graphics\ndriver\u0027s handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local application may be able to cause a denial of service\nDescription: An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A malicious HID device may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A user may be able to execute arbitrary code with system\nprivileges\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system shutdown\nDescription: An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause a system denial of service\nDescription: A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription: setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription: ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto cause a denial of service\nDescription: A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to bypass network filters\nDescription: The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause the Finder to crash\nDescription: An input validation issue existed in LaunchServices\u0027s\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue existed in LaunchServices\u0027s\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription: A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may brute force ntpd authentication keys\nDescription: The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote unauthenticated client may be able to cause a\ndenial of service\nDescription: Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription: If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to arbitrary code execution. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A user\u0027s password may be logged to a local file\nDescription: In some circumstances, Screen Sharing may log a user\u0027s\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Tampered applications may not be prevented from launching\nDescription: Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. [CVE-2014-3570]\n\nIII. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libssl1.0.0 1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04635715\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04635715\nVersion: 1\n\nHPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and\nother Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-13\nLast Updated: 2015-04-13\n\nPotential Security Impact: Remote Denial of Service (DoS) and other\nvulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP SSL for\nOpenVMS. \n\nReferences:\n\n CVE-2014-8275 Cryptographic Issues (CWE-310)\n CVE-2014-3569 Remote Denial of Service (DoS)\n CVE-2014-3570 Cryptographic Issues (CWE-310)\n CVE-2014-3571 Remote Denial of Service (DoS)\n CVE-2014-3572 Cryptographic Issues (CWE-310)\n CVE-2015-0204 Cryptographic Issues (CWE-310)\n SSRT101934\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerabilities\nfor HP SSL for OpenVMS. \n\n HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n - HP SSL for OpenVMS website:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n - HP Support Center website:\n\n https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n Note: Login using your HP Passport account. \n\n Search for the appropriate Patch Kit from the following table:\n\n HP SSL for OpenVMS Version\n Platform/OS Version\n Patch Kit Name\n\n 1.4-502\n Alpha OpenVMS V8.3 and V8.4\n HP-AXPVMS-SSL-V0104\n\n 1.4-502\n ITANIUM OpenVMS V8.3, V8.3-1H1, and V8.4\n HP-I64VMS-SSL-V0104\n\nHISTORY\nVersion:1 (rev.1) - 13 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. This could lead to a Denial Of Service attack. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3571"
},
{
"db": "BID",
"id": "71937"
},
{
"db": "VULMON",
"id": "CVE-2014-3571"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "131359"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3571",
"trust": 2.3
},
{
"db": "BID",
"id": "71937",
"trust": 1.4
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2014-3571",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129880",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131359",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129893",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131408",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129867",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130051",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3571"
},
{
"db": "BID",
"id": "71937"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "131359"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "NVD",
"id": "CVE-2014-3571"
}
]
},
"id": "VAR-201501-0435",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4209152
},
"last_update_date": "2024-09-19T21:24:13.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150066 - Security Advisory"
},
{
"title": "Red Hat: CVE-2014-3571",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3571"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2459-1"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-03"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3571"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3571"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71937"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"trust": 1.1,
"url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b"
},
{
"trust": 1.1,
"url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.3,
"url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/160"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
},
{
"trust": 0.3,
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101008182"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3571"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2459-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0118"
},
{
"trust": 0.1,
"url": "https://www.frida.re"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
},
{
"trust": 0.1,
"url": "http://dtorres.me)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20150108.txt\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2459-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/releasestrat.html),"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/secpolicy.html"
},
{
"trust": 0.1,
"url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3571"
},
{
"db": "BID",
"id": "71937"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "131359"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "NVD",
"id": "CVE-2014-3571"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-3571"
},
{
"db": "BID",
"id": "71937"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "131359"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "NVD",
"id": "CVE-2014-3571"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3571"
},
{
"date": "2014-10-22T00:00:00",
"db": "BID",
"id": "71937"
},
{
"date": "2015-08-26T01:33:18",
"db": "PACKETSTORM",
"id": "133317"
},
{
"date": "2015-01-12T17:17:37",
"db": "PACKETSTORM",
"id": "129880"
},
{
"date": "2015-04-09T16:30:50",
"db": "PACKETSTORM",
"id": "131359"
},
{
"date": "2015-01-15T16:53:07",
"db": "PACKETSTORM",
"id": "129973"
},
{
"date": "2015-01-12T21:48:37",
"db": "PACKETSTORM",
"id": "129893"
},
{
"date": "2015-01-09T17:43:35",
"db": "PACKETSTORM",
"id": "129870"
},
{
"date": "2015-04-14T18:54:44",
"db": "PACKETSTORM",
"id": "131408"
},
{
"date": "2015-01-09T02:01:10",
"db": "PACKETSTORM",
"id": "129867"
},
{
"date": "2015-01-22T01:35:41",
"db": "PACKETSTORM",
"id": "130051"
},
{
"date": "2015-01-09T02:59:01.287000",
"db": "NVD",
"id": "CVE-2014-3571"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3571"
},
{
"date": "2017-05-02T04:07:00",
"db": "BID",
"id": "71937"
},
{
"date": "2017-10-20T01:29:03.410000",
"db": "NVD",
"id": "CVE-2014-3571"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "71937"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL \u0027dtls1_get_record()\u0027 Function NULL Pointer Dereference Denial of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "71937"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
}
],
"trust": 0.4
}
}
var-201412-0519
Vulnerability from variot
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. This vulnerability CVE-2014-3568 It became the problem after the correction. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:01.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2015-01-14 Affects: All supported versions of FreeBSD. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2014-3570]
III. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB QCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q U7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL JSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR 4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY fIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3 DJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa xOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq aQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0 sJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp i5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J 6FLFZ38YkLcUIzW6I6Kc =ztFk -----END PGP SIGNATURE----- .
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- .
References:
CVE-2015-0235 (SSRT101953) CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ThinPro Linux (x86) v5.1 HP ThinPro Linux (x86) v5.0 HP ThinPro Linux (x86) v4.4 HP ThinPro Linux (x86) v4.3 HP ThinPro Linux (x86) v4.2 HP ThinPro Linux (x86) v4.1 HP ThinPro Linux (ARM) v4.4 HP ThinPro Linux (ARM) v4.3 HP ThinPro Linux (ARM) v4.2 HP ThinPro Linux (ARM) v4.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software updates to resolve the vulnerability for HP ThinPro Linux.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. OpenSSL Security Advisory [08 Jan 2015] =======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:
) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
.
Release Date: 2015-02-25 Last Updated: 2015-02-25
Potential Security Impact: Remote Denial of Service (DoS) and other vulnerabilites
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8ze
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 25 February 2015 Initial release Version:2 (rev.2) - 25 February 2015 Corrected bulletin number
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0519",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.8,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "bladecenter advanced management module 3.66k",
"scope": null,
"trust": 0.9,
"vendor": "ibm",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.8zc"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "integrated lights out manager",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(sun system firmware) 8.7.2.b"
},
{
"model": "integrated lights out manager",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(sun system firmware) 9.4.2e"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle mobile security suite mss 3.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.63"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.71"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.1"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.1"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.2"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.3"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.4"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.1"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.2"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.3"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.4"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 5.0"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 5.1"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "bladecenter advanced management module 25r5778",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1948"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.4"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "junos os 13.3r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "tivoli netcool/reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "insight control server provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "app for netapp data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.4"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.11"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.8"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8720"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8886"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.10"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "app for stream",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "upward integration modules hardware management pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7967"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8852"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8750"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "openflow agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 12.3r10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.2"
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize 6.4storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v3500v3700"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1881"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "cognos controller if1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.3"
},
{
"model": "sametime community server hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1.7"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "linux enterprise server for vmware sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7779"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "sametime community server limited use",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "jabber voice for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "ctpos 7.0r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "system m4 hd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "project openssl 0.9.8zd",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "ringmaster appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.19"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "ctpview 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "cognos controller interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vgw",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.5"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "upward integration modules hardware management pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "src series",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "bladecenter t advanced management module 32r0835",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mint",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x330073820"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ctp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "ctpos 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8734-"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8730"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "gpfs for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "version control repository manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7989"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "cognos controller if3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pulse secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8731-"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "insight control",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"model": "server migration pack",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "cognos controller fp1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "server migration pack",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1886"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35001.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.0"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "app for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "junos os 12.3x48-d10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8677"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.2"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "ctpos 6.6r5",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 13.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "matrix operating environment",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79190"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli provisioning manager for images system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.0"
},
{
"model": "project openssl 0.9.8u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
}
],
"sources": [
{
"db": "BID",
"id": "71934"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"db": "NVD",
"id": "CVE-2014-3569"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_core_session_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:virtualization_secure_global_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:thinpro_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "130548"
}
],
"trust": 0.5
},
"cve": "CVE-2014-3569",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3569",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3569",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3569",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2014-3569",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3569"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"db": "NVD",
"id": "CVE-2014-3569"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. This vulnerability CVE-2014-3568 It became the problem after the correction. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:01.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-01-14\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. [CVE-2014-3570]\n\nIII. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150108.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.1 (FreeBSD)\n\niQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB\nQCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q\nU7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL\nJSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR\n4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY\nfIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3\nDJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa\nxOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq\naQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0\nsJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp\ni5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J\n6FLFZ38YkLcUIzW6I6Kc\n=ztFk\n-----END PGP SIGNATURE-----\n. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. \n\nReferences:\n\nCVE-2015-0235 (SSRT101953)\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP ThinPro Linux (x86) v5.1\nHP ThinPro Linux (x86) v5.0\nHP ThinPro Linux (x86) v4.4\nHP ThinPro Linux (x86) v4.3\nHP ThinPro Linux (x86) v4.2\nHP ThinPro Linux (x86) v4.1\nHP ThinPro Linux (ARM) v4.4\nHP ThinPro Linux (ARM) v4.3\nHP ThinPro Linux (ARM) v4.2\nHP ThinPro Linux (ARM) v4.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve the vulnerability\nfor HP ThinPro Linux. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. This could lead to a Denial Of Service attack. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and\n0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \n\nRelease Date: 2015-02-25\nLast Updated: 2015-02-25\n\nPotential Security Impact: Remote Denial of Service (DoS) and other\nvulnerabilites\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8ze\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 25 February 2015 Initial release\nVersion:2 (rev.2) - 25 February 2015 Corrected bulletin number\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3569"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"db": "BID",
"id": "71934"
},
{
"db": "VULMON",
"id": "CVE-2014-3569"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130548"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3569",
"trust": 3.0
},
{
"db": "JUNIPER",
"id": "JSA10679",
"trust": 1.4
},
{
"db": "BID",
"id": "71934",
"trust": 1.4
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU98974537",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91828320",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007389",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2014-3569",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137292",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129867",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130548",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3569"
},
{
"db": "BID",
"id": "71934"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130548"
},
{
"db": "NVD",
"id": "CVE-2014-3569"
}
]
},
"id": "VAR-201412-0519",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.42091520000000004
},
"last_update_date": "2024-09-19T20:08:38.863000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "#3571: Re: [PATCH] Segfault in 1.0.1j BIO_reset() compiled",
"trust": 1.6,
"url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest"
},
{
"title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204659"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204659"
},
{
"title": "cisco-sa-20150310-ssl",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
},
{
"title": "HPSBMU03397",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"title": "HPSBMU03409",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"title": "HPSBHF03289",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"title": "HPSBMU03413",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"title": "HPSBOV03318",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
},
{
"title": "HPSBUX03162",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
},
{
"title": "HPSBMU03380",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"title": "HPSBUX03244 SSRT101885",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04556853"
},
{
"title": "HPSBMU03396",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"title": "HPSBMU03611",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888"
},
{
"title": "HPSBMU03612",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380"
},
{
"title": "NV15-017",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
},
{
"title": "commit 392fa7a",
"trust": 0.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
},
{
"title": "commit b829247",
"trust": 0.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b"
},
{
"title": "no-ssl3 configuration sets method to NULL (CVE-2014-3569)",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"title": "commit 6ce9687",
"trust": 0.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "Oracle Third Party Bulletin - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "October 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": "CVE-2014-3569",
"trust": 0.8,
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3569"
},
{
"title": "CVE-2014-3569",
"trust": 0.8,
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
},
{
"title": "cisco-sa-20150310-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
},
{
"title": "TLSA-2015-2",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2015/TLSA-2015-2j.html"
},
{
"title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20150327b.html"
},
{
"title": "Red Hat: CVE-2014-3569",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3569"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3569"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"db": "NVD",
"id": "CVE-2014-3569"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/71934"
},
{
"trust": 1.1,
"url": "https://security-tracker.debian.org/tracker/cve-2014-3569"
},
{
"trust": 1.1,
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3569.html"
},
{
"trust": 1.1,
"url": "http://rt.openssl.org/ticket/display.html?id=3571\u0026user=guest\u0026pass=guest"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=b82924741b4bd590da890619be671f4635e46c2b"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98974537/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91828320/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3569"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.4,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/160"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903784"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902374"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959633"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3569"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38390"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20150108.txt\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150319.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150108.txt"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/info/insightcontrol"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/releasestrat.html),"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/secpolicy.html"
},
{
"trust": 0.1,
"url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3569"
},
{
"db": "BID",
"id": "71934"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130548"
},
{
"db": "NVD",
"id": "CVE-2014-3569"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-3569"
},
{
"db": "BID",
"id": "71934"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130548"
},
{
"db": "NVD",
"id": "CVE-2014-3569"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-24T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3569"
},
{
"date": "2014-10-17T00:00:00",
"db": "BID",
"id": "71934"
},
{
"date": "2014-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"date": "2015-08-26T01:33:25",
"db": "PACKETSTORM",
"id": "133318"
},
{
"date": "2015-08-26T01:33:18",
"db": "PACKETSTORM",
"id": "133317"
},
{
"date": "2015-01-15T16:53:07",
"db": "PACKETSTORM",
"id": "129973"
},
{
"date": "2015-03-27T20:42:44",
"db": "PACKETSTORM",
"id": "131044"
},
{
"date": "2015-03-24T17:05:09",
"db": "PACKETSTORM",
"id": "130987"
},
{
"date": "2016-06-02T19:12:12",
"db": "PACKETSTORM",
"id": "137292"
},
{
"date": "2015-01-09T02:01:10",
"db": "PACKETSTORM",
"id": "129867"
},
{
"date": "2015-02-26T17:13:45",
"db": "PACKETSTORM",
"id": "130548"
},
{
"date": "2014-12-24T11:59:00.057000",
"db": "NVD",
"id": "CVE-2014-3569"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3569"
},
{
"date": "2017-01-23T00:09:00",
"db": "BID",
"id": "71934"
},
{
"date": "2016-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007389"
},
{
"date": "2023-11-07T02:20:13.593000",
"db": "NVD",
"id": "CVE-2014-3569"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "71934"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL of s23_srvr.c of ssl23_get_client_hello Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007389"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "71934"
}
],
"trust": 0.3
}
}
var-201607-0655
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'SNMP' protocol. The 'SNMP' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service. Affect data integrity and availability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0655",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5448",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5448",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-94267",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5448",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5448",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-5448",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94267",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-5448",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027SNMP\u0027 protocol. The \u0027SNMP\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service. Affect data integrity and availability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5448",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "92008",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94267",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5448",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"id": "VAR-201607-0655",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94267"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:17:29.117000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63172"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/92008"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5448"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5448"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94267"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92008"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"date": "2016-07-21T10:15:03.867000",
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94267"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92008"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"date": "2017-09-01T01:29:29.507000",
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In SNMP Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
}
],
"trust": 0.6
}
}
var-202103-1463
Vulnerability from variot
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2021:1189-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:1189 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 =====================================================================
- Summary:
An update is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64
- Description:
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Changes to the redhat-release-virtualization-host component:
- Previously, the redhat-support-tool was missing from the RHV-H 4.4 package. In this release, the redhat-support-tool has been added. (BZ#1928607)
Security Fix(es):
-
openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
-
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
The system must be rebooted for this update to take effect. For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1892573 - RHVH 4.4.2 fails to boot from SAN when using UUID for /boot partition 1895832 - RHVH 4.4.3: No response when clicking button "Help" in Anaconda GUI 1907306 - "sysstat" doesn't collect data for upgraded RHVH 1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade 1907746 - RHVH cannot enter the new layer after upgrade testing with STIG profile selected. 1918207 - RHVH upgrade to 4.4.5-1 will fail due to FileNotFoundError 1927395 - RHVH, protecting key packages from being removed. 1928607 - redhat-support-tool is missing from latest RHV-H 4.4 1940845 - Include updated gluster-ansible-features in RHV-H 4.4.5 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing 1942040 - Rebase RHV-H 4.4.5 on RHEL-AV 8.3.1 Async 1942498 - Rebase RHV-H 4.4.5 on RHEL-8.3.1.3
- Package List:
Red Hat Virtualization 4 Hypervisor for RHEL 8:
Source: boost-1.66.0-10.el8.src.rpm dyninst-10.1.0-4.el8.src.rpm gcc-8.3.1-5.1.el8.src.rpm isl-0.16.1-6.el8.src.rpm libmpc-1.0.2-9.el8.src.rpm libxcrypt-4.1.1-4.el8.src.rpm make-4.2.1-10.el8.src.rpm redhat-virtualization-host-4.4.5-20210330.0.el8_3.src.rpm tbb-2018.2-9.el8.src.rpm zip-3.0-23.el8.src.rpm
noarch: redhat-virtualization-host-image-update-4.4.5-20210330.0.el8_3.noarch.rpm vim-filesystem-8.0.1763-15.el8.noarch.rpm
x86_64: boost-atomic-debuginfo-1.66.0-10.el8.x86_64.rpm boost-chrono-debuginfo-1.66.0-10.el8.x86_64.rpm boost-container-debuginfo-1.66.0-10.el8.x86_64.rpm boost-context-debuginfo-1.66.0-10.el8.x86_64.rpm boost-coroutine-debuginfo-1.66.0-10.el8.x86_64.rpm boost-date-time-1.66.0-10.el8.x86_64.rpm boost-date-time-debuginfo-1.66.0-10.el8.x86_64.rpm boost-debuginfo-1.66.0-10.el8.x86_64.rpm boost-debugsource-1.66.0-10.el8.x86_64.rpm boost-doctools-debuginfo-1.66.0-10.el8.x86_64.rpm boost-fiber-debuginfo-1.66.0-10.el8.x86_64.rpm boost-filesystem-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm boost-iostreams-debuginfo-1.66.0-10.el8.x86_64.rpm boost-locale-debuginfo-1.66.0-10.el8.x86_64.rpm boost-log-debuginfo-1.66.0-10.el8.x86_64.rpm boost-math-debuginfo-1.66.0-10.el8.x86_64.rpm boost-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm boost-mpich-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-numpy3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm boost-openmpi-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-program-options-debuginfo-1.66.0-10.el8.x86_64.rpm boost-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-random-debuginfo-1.66.0-10.el8.x86_64.rpm boost-regex-debuginfo-1.66.0-10.el8.x86_64.rpm boost-serialization-debuginfo-1.66.0-10.el8.x86_64.rpm boost-signals-debuginfo-1.66.0-10.el8.x86_64.rpm boost-stacktrace-debuginfo-1.66.0-10.el8.x86_64.rpm boost-system-debuginfo-1.66.0-10.el8.x86_64.rpm boost-test-debuginfo-1.66.0-10.el8.x86_64.rpm boost-thread-debuginfo-1.66.0-10.el8.x86_64.rpm boost-timer-debuginfo-1.66.0-10.el8.x86_64.rpm boost-type_erasure-debuginfo-1.66.0-10.el8.x86_64.rpm boost-wave-debuginfo-1.66.0-10.el8.x86_64.rpm bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm compat-libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm cpp-8.3.1-5.1.el8.x86_64.rpm cpp-debuginfo-8.3.1-5.1.el8.x86_64.rpm dyninst-10.1.0-4.el8.x86_64.rpm dyninst-debuginfo-10.1.0-4.el8.x86_64.rpm dyninst-debugsource-10.1.0-4.el8.x86_64.rpm dyninst-devel-debuginfo-10.1.0-4.el8.x86_64.rpm dyninst-testsuite-debuginfo-10.1.0-4.el8.x86_64.rpm gcc-8.3.1-5.1.el8.x86_64.rpm gcc-c++-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-debugsource-8.3.1-5.1.el8.x86_64.rpm gcc-gdb-plugin-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-gfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-plugin-devel-debuginfo-8.3.1-5.1.el8.x86_64.rpm glibc-debuginfo-2.28-127.el8_3.2.x86_64.rpm glibc-debuginfo-common-2.28-127.el8_3.2.x86_64.rpm glibc-devel-2.28-127.el8_3.2.x86_64.rpm glibc-headers-2.28-127.el8_3.2.x86_64.rpm isl-0.16.1-6.el8.x86_64.rpm isl-debugsource-0.16.1-6.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm libasan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libatomic-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgcc-8.3.1-5.1.el8.x86_64.rpm libgcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgomp-8.3.1-5.1.el8.x86_64.rpm libgomp-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgomp-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm libitm-debuginfo-8.3.1-5.1.el8.x86_64.rpm liblsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libmpc-1.0.2-9.el8.x86_64.rpm libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm libmpc-debugsource-1.0.2-9.el8.x86_64.rpm libquadmath-debuginfo-8.3.1-5.1.el8.x86_64.rpm libstdc++-debuginfo-8.3.1-5.1.el8.x86_64.rpm libtsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libubsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libxcrypt-debugsource-4.1.1-4.el8.x86_64.rpm libxcrypt-devel-4.1.1-4.el8.x86_64.rpm make-4.2.1-10.el8.x86_64.rpm make-debugsource-4.2.1-10.el8.x86_64.rpm perf-4.18.0-240.22.1.el8_3.x86_64.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm tbb-2018.2-9.el8.x86_64.rpm tbb-debugsource-2018.2-9.el8.x86_64.rpm vim-X11-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-common-8.0.1763-15.el8.x86_64.rpm vim-common-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-debugsource-8.0.1763-15.el8.x86_64.rpm vim-enhanced-8.0.1763-15.el8.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-minimal-debuginfo-8.0.1763-15.el8.x86_64.rpm zip-3.0-23.el8.x86_64.rpm zip-debugsource-3.0-23.el8.x86_64.rpm
RHEL 8-based RHEV-H for RHEV 4 (build requirements):
Source: imgbased-1.2.18-0.1.el8ev.src.rpm redhat-release-virtualization-host-4.4.5-4.el8ev.src.rpm scap-security-guide-0.1.50-1.el8ev.src.rpm
noarch: imgbased-1.2.18-0.1.el8ev.noarch.rpm python3-imgbased-1.2.18-0.1.el8ev.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.4.5-4.el8ev.noarch.rpm scap-security-guide-rhv-0.1.50-1.el8ev.noarch.rpm
x86_64: redhat-release-virtualization-host-4.4.5-4.el8ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHbW2dzjgjWX9erEAQhrvQ//VGyhTZ32NVUTnNMVVaHZyN5HL2Gt7CRG sOA8Z7hKGGPq8nHZEeTtk2KBpxaLLzVHxKmILtnsRTlRqq2s4BSgd9j7YhNvTlZe kK6Y3ovcWBKdqqui2ezZz9WFmKbQ5yjJImMo+TfyAS0D1RLwxNyKzDyYDCIZuO03 1AcV0ILWSVpaEKRrjOX6S0VnmMR0hqf4JmgLk8/ePv3wp+vd5voeIymWDPy6KrPW 0WS6NLHHNGucnzKXiRglwLeWKCYdQ+MCewkLKch/4eQPI28+N72dEgI9nhbZMind khmKrnPDt5CIS9aWNmm+B/pWHZB1kEFt6hls/+xn2aXvrHxGgj6aTyl1peMhxYwA bvlQx+p1jOOREgtvnQHwemAVEuZByW4QFWqdZn/BIqbImTjxlawqYRwHjWpOvMfo Z6l7kiG86TsEWj/QJGAoRvwmqer7pWrttVeUivFBNmUhgZ8lEIMT3MkULY8VBJp+ PrwbQwfpMn38PZbnl/DT3A0aSgZ1Q1uQZooW8B6zBKYUdgwTU8impaBaKfyM9QRq hCqHX42S4b/tNZhy64hlfkv24kei4RqgI4sGVeDfSA/tWzdgvBghQ1pOEhlPY4MH jINgKocRD1f08X0meBmqk4IuoZdWkUrGgvprmT81At4ZF3omaQ1amKj1HhXpmJVa da5fQnRzZzc= =xbcY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
Security Fix(es):
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
- golang: net: lookup functions may return invalid host names (CVE-2021-33195)
- golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
- golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
- golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
- golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1463",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "storagegrid",
"scope": "eq",
"trust": 2.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.24.1"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.14.0"
},
{
"model": "nessus agent",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.2.1"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "sma100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.0-17sv"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.1"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "capture client",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.6.24"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1h"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": null
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "mysql connectors",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "secure backup",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.1.0"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "18.0"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.16.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "19.0"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.13.1"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0.1-r1456"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"model": "nessus agent",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.2.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "17.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.2"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1k"
},
{
"model": "email security",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.11"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
],
"trust": 1.1
},
"cve": "CVE-2021-3450",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3450",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-388430",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3450",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3450",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1456",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-388430",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:1189-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1189\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat Virtualization 4 for Red Hat\nEnterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are\ninstalled using a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a\nspecial build of Red Hat Enterprise Linux with only the packages required\nto host virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n\nChanges to the redhat-release-virtualization-host component:\n\n* Previously, the redhat-support-tool was missing from the RHV-H 4.4\npackage. \nIn this release, the redhat-support-tool has been added. (BZ#1928607)\n\nSecurity Fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing\n(CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nThe system must be rebooted for this update to take effect. For the update\nto take effect, all services linked to the glibc library must be restarted,\nor the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1892573 - RHVH 4.4.2 fails to boot from SAN when using UUID for /boot partition\n1895832 - RHVH 4.4.3: No response when clicking button \"Help\" in Anaconda GUI\n1907306 - \"sysstat\" doesn\u0027t collect data for upgraded RHVH\n1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade\n1907746 - RHVH cannot enter the new layer after upgrade testing with STIG profile selected. \n1918207 - RHVH upgrade to 4.4.5-1 will fail due to FileNotFoundError\n1927395 - RHVH, protecting key packages from being removed. \n1928607 - redhat-support-tool is missing from latest RHV-H 4.4\n1940845 - Include updated gluster-ansible-features in RHV-H 4.4.5\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n1942040 - Rebase RHV-H 4.4.5 on RHEL-AV 8.3.1 Async\n1942498 - Rebase RHV-H 4.4.5 on RHEL-8.3.1.3\n\n6. Package List:\n\nRed Hat Virtualization 4 Hypervisor for RHEL 8:\n\nSource:\nboost-1.66.0-10.el8.src.rpm\ndyninst-10.1.0-4.el8.src.rpm\ngcc-8.3.1-5.1.el8.src.rpm\nisl-0.16.1-6.el8.src.rpm\nlibmpc-1.0.2-9.el8.src.rpm\nlibxcrypt-4.1.1-4.el8.src.rpm\nmake-4.2.1-10.el8.src.rpm\nredhat-virtualization-host-4.4.5-20210330.0.el8_3.src.rpm\ntbb-2018.2-9.el8.src.rpm\nzip-3.0-23.el8.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-4.4.5-20210330.0.el8_3.noarch.rpm\nvim-filesystem-8.0.1763-15.el8.noarch.rpm\n\nx86_64:\nboost-atomic-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-chrono-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-container-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-context-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-coroutine-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-date-time-1.66.0-10.el8.x86_64.rpm\nboost-date-time-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-debugsource-1.66.0-10.el8.x86_64.rpm\nboost-doctools-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-fiber-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-filesystem-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-graph-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-graph-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-graph-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-iostreams-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-locale-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-log-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-math-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-mpich-python3-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-numpy3-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-openmpi-python3-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-program-options-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-python3-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-random-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-regex-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-serialization-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-signals-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-stacktrace-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-system-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-test-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-thread-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-timer-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-type_erasure-debuginfo-1.66.0-10.el8.x86_64.rpm\nboost-wave-debuginfo-1.66.0-10.el8.x86_64.rpm\nbpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\ncompat-libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm\ncpp-8.3.1-5.1.el8.x86_64.rpm\ncpp-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ndyninst-10.1.0-4.el8.x86_64.rpm\ndyninst-debuginfo-10.1.0-4.el8.x86_64.rpm\ndyninst-debugsource-10.1.0-4.el8.x86_64.rpm\ndyninst-devel-debuginfo-10.1.0-4.el8.x86_64.rpm\ndyninst-testsuite-debuginfo-10.1.0-4.el8.x86_64.rpm\ngcc-8.3.1-5.1.el8.x86_64.rpm\ngcc-c++-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-debugsource-8.3.1-5.1.el8.x86_64.rpm\ngcc-gdb-plugin-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-gfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm\ngcc-plugin-devel-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nglibc-debuginfo-2.28-127.el8_3.2.x86_64.rpm\nglibc-debuginfo-common-2.28-127.el8_3.2.x86_64.rpm\nglibc-devel-2.28-127.el8_3.2.x86_64.rpm\nglibc-headers-2.28-127.el8_3.2.x86_64.rpm\nisl-0.16.1-6.el8.x86_64.rpm\nisl-debugsource-0.16.1-6.el8.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\nlibasan-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibatomic-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibgcc-8.3.1-5.1.el8.x86_64.rpm\nlibgcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibgfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibgomp-8.3.1-5.1.el8.x86_64.rpm\nlibgomp-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibgomp-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibitm-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nliblsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibmpc-1.0.2-9.el8.x86_64.rpm\nlibmpc-debuginfo-1.0.2-9.el8.x86_64.rpm\nlibmpc-debugsource-1.0.2-9.el8.x86_64.rpm\nlibquadmath-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibstdc++-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibtsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibubsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm\nlibxcrypt-debugsource-4.1.1-4.el8.x86_64.rpm\nlibxcrypt-devel-4.1.1-4.el8.x86_64.rpm\nmake-4.2.1-10.el8.x86_64.rpm\nmake-debugsource-4.2.1-10.el8.x86_64.rpm\nperf-4.18.0-240.22.1.el8_3.x86_64.rpm\nperf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\npython3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm\ntbb-2018.2-9.el8.x86_64.rpm\ntbb-debugsource-2018.2-9.el8.x86_64.rpm\nvim-X11-debuginfo-8.0.1763-15.el8.x86_64.rpm\nvim-common-8.0.1763-15.el8.x86_64.rpm\nvim-common-debuginfo-8.0.1763-15.el8.x86_64.rpm\nvim-debuginfo-8.0.1763-15.el8.x86_64.rpm\nvim-debugsource-8.0.1763-15.el8.x86_64.rpm\nvim-enhanced-8.0.1763-15.el8.x86_64.rpm\nvim-enhanced-debuginfo-8.0.1763-15.el8.x86_64.rpm\nvim-minimal-debuginfo-8.0.1763-15.el8.x86_64.rpm\nzip-3.0-23.el8.x86_64.rpm\nzip-debugsource-3.0-23.el8.x86_64.rpm\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements):\n\nSource:\nimgbased-1.2.18-0.1.el8ev.src.rpm\nredhat-release-virtualization-host-4.4.5-4.el8ev.src.rpm\nscap-security-guide-0.1.50-1.el8ev.src.rpm\n\nnoarch:\nimgbased-1.2.18-0.1.el8ev.noarch.rpm\npython3-imgbased-1.2.18-0.1.el8ev.noarch.rpm\nredhat-virtualization-host-image-update-placeholder-4.4.5-4.el8ev.noarch.rpm\nscap-security-guide-rhv-0.1.50-1.el8ev.noarch.rpm\n\nx86_64:\nredhat-release-virtualization-host-4.4.5-4.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHbW2dzjgjWX9erEAQhrvQ//VGyhTZ32NVUTnNMVVaHZyN5HL2Gt7CRG\nsOA8Z7hKGGPq8nHZEeTtk2KBpxaLLzVHxKmILtnsRTlRqq2s4BSgd9j7YhNvTlZe\nkK6Y3ovcWBKdqqui2ezZz9WFmKbQ5yjJImMo+TfyAS0D1RLwxNyKzDyYDCIZuO03\n1AcV0ILWSVpaEKRrjOX6S0VnmMR0hqf4JmgLk8/ePv3wp+vd5voeIymWDPy6KrPW\n0WS6NLHHNGucnzKXiRglwLeWKCYdQ+MCewkLKch/4eQPI28+N72dEgI9nhbZMind\nkhmKrnPDt5CIS9aWNmm+B/pWHZB1kEFt6hls/+xn2aXvrHxGgj6aTyl1peMhxYwA\nbvlQx+p1jOOREgtvnQHwemAVEuZByW4QFWqdZn/BIqbImTjxlawqYRwHjWpOvMfo\nZ6l7kiG86TsEWj/QJGAoRvwmqer7pWrttVeUivFBNmUhgZ8lEIMT3MkULY8VBJp+\nPrwbQwfpMn38PZbnl/DT3A0aSgZ1Q1uQZooW8B6zBKYUdgwTU8impaBaKfyM9QRq\nhCqHX42S4b/tNZhy64hlfkv24kei4RqgI4sGVeDfSA/tWzdgvBghQ1pOEhlPY4MH\njINgKocRD1f08X0meBmqk4IuoZdWkUrGgvprmT81At4ZF3omaQ1amKj1HhXpmJVa\nda5fQnRzZzc=\n=xbcY\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3450"
},
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "164192"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3450",
"trust": 2.2
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/2",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/4",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/1",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-05",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-08",
"trust": 1.7
},
{
"db": "PULSESECURE",
"id": "SA44845",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10356",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "162172",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162307",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162337",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162196",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162383",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162013",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162699",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1406",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2160",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1191",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2259.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1618",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3141",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1378",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2228",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1445",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1127",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2408",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1293",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1727",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1225",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1025",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2657",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1082.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1075",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1757",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4058",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051226",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050609",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041940",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041615",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101938",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042114",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101261",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072056",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071904",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072765",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042502",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052216",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050615",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011038",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161984",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162197",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162189",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162200",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162183",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162694",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164192",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"id": "VAR-202103-1463",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
}
],
"trust": 0.430409355
},
"last_update_date": "2024-09-19T21:03:53.297000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OpenSSL Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146028"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.7,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"trust": 1.7,
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-08"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.7,
"url": "https://mta.openssl.org/pipermail/openssl-announce/2021-march/000198.html"
},
{
"trust": 1.7,
"url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.6,
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"trust": 0.6,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-update-available-for-openssl-vulnerabilities-affecting-ibm-watson-speech-services-1-2-1/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6486347"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052216"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-3449-cve-2021-3450-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1127"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1445"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1727"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-3450"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-systems-are-affected-by-vulnerabilities-in-openssl/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1406"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162172/red-hat-security-advisory-2021-1189-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-3449-and-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1378"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162041/gentoo-linux-security-advisory-202103-03.html"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1293"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1618"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162307/red-hat-security-advisory-2021-1338-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162699/red-hat-security-advisory-2021-2041-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520474"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072056"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1065"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042502"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162013/red-hat-security-advisory-2021-1024-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-3449-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-may-affect-ibm-workload-scheduler/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6523070"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161984/ubuntu-security-notice-usn-4891-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affects-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2259.2"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163257/red-hat-security-advisory-2021-2130-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051226"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072765"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1225"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041615"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071904"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1075"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1082.2"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042114"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101938"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1191"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050609"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2160"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1025"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162151/red-hat-security-advisory-2021-1168-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101261"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162196/red-hat-security-advisory-2021-1199-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2408"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041940"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1757"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060315"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162337/red-hat-security-advisory-2021-1369-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162383/red-hat-security-advisory-2021-1448-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-sterling-connectexpress-for-unix-cve-2021-3449-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050615"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6479351"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-rational-clearquest-cve-2021-3449-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3115"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2021"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33198"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3703"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-388430"
},
{
"date": "2021-05-19T14:19:18",
"db": "PACKETSTORM",
"id": "162694"
},
{
"date": "2021-04-14T16:31:48",
"db": "PACKETSTORM",
"id": "162172"
},
{
"date": "2021-04-23T15:10:34",
"db": "PACKETSTORM",
"id": "162307"
},
{
"date": "2021-04-15T13:50:04",
"db": "PACKETSTORM",
"id": "162197"
},
{
"date": "2021-09-17T16:04:56",
"db": "PACKETSTORM",
"id": "164192"
},
{
"date": "2021-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"date": "2021-03-25T15:15:13.560000",
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-388430"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"date": "2023-11-07T03:38:00.923000",
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
],
"trust": 0.6
}
}
var-201607-0665
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'LUMAIN' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0665",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-821"
},
{
"db": "NVD",
"id": "CVE-2016-5457"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91995"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-5457",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-94276",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-5457",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5457",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5457",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-821",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94276",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5457",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94276"
},
{
"db": "VULMON",
"id": "CVE-2016-5457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-821"
},
{
"db": "NVD",
"id": "CVE-2016-5457"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027Multiple\u0027 protocol. The \u0027LUMAIN\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91995"
},
{
"db": "VULHUB",
"id": "VHN-94276"
},
{
"db": "VULMON",
"id": "CVE-2016-5457"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5457",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "91995",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003987",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-821",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94276",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5457",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94276"
},
{
"db": "VULMON",
"id": "CVE-2016-5457"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-821"
},
{
"db": "NVD",
"id": "CVE-2016-5457"
}
]
},
"id": "VAR-201607-0665",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94276"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:16:04.936000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63181"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5457"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-821"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91995"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5457"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5457"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94276"
},
{
"db": "VULMON",
"id": "CVE-2016-5457"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-821"
},
{
"db": "NVD",
"id": "CVE-2016-5457"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94276"
},
{
"db": "VULMON",
"id": "CVE-2016-5457"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91995"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-821"
},
{
"db": "NVD",
"id": "CVE-2016-5457"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94276"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5457"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91995"
},
{
"date": "2016-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-821"
},
{
"date": "2016-07-21T10:15:13.677000",
"db": "NVD",
"id": "CVE-2016-5457"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94276"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5457"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91995"
},
{
"date": "2016-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003987"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-821"
},
{
"date": "2017-09-01T01:29:29.977000",
"db": "NVD",
"id": "CVE-2016-5457"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91995"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In LUMAIN Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003987"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91995"
}
],
"trust": 0.6
}
}
var-201503-0050
Vulnerability from variot
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Apache HTTP Server is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to trigger denial-of-service conditions. Versions prior to Apache HTTP Server 2.4.13 are vulnerable. The server is fast, reliable and extensible through a simple API. ============================================================================ Ubuntu Security Notice USN-2523-1 March 10, 2015
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)
Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly handled long response headers. This issue only affected Ubuntu 14.10. (CVE-2014-3583)
It was discovered that the mod_lua module incorrectly handled different arguments within different contexts. This issue only affected Ubuntu 14.10. (CVE-2014-8109)
Guido Vranken discovered that the mod_lua module incorrectly handled a specially crafted websocket PING in certain circumstances. This issue only affected Ubuntu 14.10. (CVE-2015-0228)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: apache2.2-bin 2.4.10-1ubuntu1.1
Ubuntu 14.04 LTS: apache2.2-bin 2.4.7-1ubuntu4.4
Ubuntu 12.04 LTS: apache2.2-bin 2.2.22-1ubuntu1.8
Ubuntu 10.04 LTS: apache2.2-bin 2.2.14-5ubuntu8.15
In general, a standard system update will make all the necessary changes.
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module.
mod_lua.c in the mod_lua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory (CVE-2014-8109). A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers (CVE-2013-5704).
Note: With this update, httpd has been modified to not merge HTTP Trailer headers with other HTTP request headers. A newly introduced configuration directive MergeTrailers can be used to re-enable the old method of processing Trailer headers, which also re-introduces the aforementioned flaw.
This update also fixes the following bug:
Prior to this update, the mod_proxy_wstunnel module failed to set up an SSL connection when configured to use a back end server using the wss: URL scheme, causing proxied connections to fail. In these updated packages, SSL is used when proxying to wss: back end servers (rhbz#1141950). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFnRImqjQ0CJFipgRAhbAAKDF22tbaWSxzaiqvhq0t6uM1bwWvgCfVNIJ 7XU6s8wMPlxQucpKSIVIKYI= =4uS5 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd24-httpd security update Advisory ID: RHSA-2015:1666-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1666.html Issue date: 2015-08-24 CVE Names: CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 =====================================================================
- Summary:
Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)
It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)
Note: This update introduces new a new API function, ap_some_authn_required(), which correctly indicates if a request is authenticated. External httpd modules using the old API function should be modified to use the new one to completely resolve this issue.
A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. (CVE-2015-0228)
A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. (CVE-2015-0253)
All httpd24-httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service will be restarted automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm
noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm
x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm
noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm
x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm
noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm
x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm
noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm
x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0228 https://access.redhat.com/security/cve/CVE-2015-0253 https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H y5DWl0MjeqKeAOHiddwyDdU= =yzQP -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185
BIND Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. CVE-ID CVE-2014-8500 CVE-2015-1349
PostgreSQL Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL versions prior to 9.3.9. These issues were addressed by updating PostgreSQL to version 9.3.9. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167
Wiki Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple XML security issues in Wiki Server Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted. CVE-ID CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center
OS X Server 5.0.3 may be obtained from the Mac App Store.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. * CVE-2015-3183: core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: d78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz
Slackware 14.1 package: ea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz
Slackware -current package: 01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz
Slackware x86_64 -current package: 70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg httpd-2.4.16-i486-1_slack14.1.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0050",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "lte",
"trust": 1.8,
"vendor": "apache",
"version": "2.4.12"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.4,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.4,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.4,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "macos server",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.0.3 (os x yosemite v10.10.5 or later )"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "13.2"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x4.1.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.11"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.10"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.9"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.8"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.1"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x5.0.3"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.13"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "73041"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-136"
},
{
"db": "NVD",
"id": "CVE-2015-0228"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:enterprise_manager_ops_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0228",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0228",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-78174",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0228",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0228",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-136",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78174",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0228",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78174"
},
{
"db": "VULMON",
"id": "CVE-2015-0228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-136"
},
{
"db": "NVD",
"id": "CVE-2015-0228"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Apache HTTP Server is prone to a remote denial-of-service vulnerability. \nA remote attacker may exploit this issue to trigger denial-of-service conditions. \nVersions prior to Apache HTTP Server 2.4.13 are vulnerable. The server is fast, reliable and extensible through a simple API. ============================================================================\nUbuntu Security Notice USN-2523-1\nMarch 10, 2015\n\napache2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Apache HTTP Server. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)\n\nTeguh P. Alko discovered that the mod_proxy_fcgi module incorrectly\nhandled long response headers. This\nissue only affected Ubuntu 14.10. (CVE-2014-3583)\n\nIt was discovered that the mod_lua module incorrectly handled different\narguments within different contexts. This issue only affected\nUbuntu 14.10. (CVE-2014-8109)\n\nGuido Vranken discovered that the mod_lua module incorrectly handled a\nspecially crafted websocket PING in certain circumstances. This issue only affected\nUbuntu 14.10. (CVE-2015-0228)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n apache2.2-bin 2.4.10-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n apache2.2-bin 2.4.7-1ubuntu4.4\n\nUbuntu 12.04 LTS:\n apache2.2-bin 2.2.22-1ubuntu1.8\n\nUbuntu 10.04 LTS:\n apache2.2-bin 2.2.14-5ubuntu8.15\n\nIn general, a standard system update will make all the necessary changes. \n \n A race condition flaw, leading to heap-based buffer overflows,\n was found in the mod_status httpd module. \n \n mod_lua.c in the mod_lua module in the Apache HTTP Server through\n 2.4.10 does not support an httpd configuration in which the same\n Lua authorization provider is used with different arguments within\n different contexts, which allows remote attackers to bypass intended\n access restrictions in opportunistic circumstances by leveraging\n multiple Require directives, as demonstrated by a configuration that\n specifies authorization for one group to access a certain directory,\n and authorization for a second group to access a second directory\n (CVE-2014-8109). A malicious client could\n use Trailer headers to set additional HTTP headers after header\n processing was performed by other modules. This could, for example,\n lead to a bypass of header restrictions defined with mod_headers\n (CVE-2013-5704). \n \n Note: With this update, httpd has been modified to not merge HTTP\n Trailer headers with other HTTP request headers. A newly introduced\n configuration directive MergeTrailers can be used to re-enable the\n old method of processing Trailer headers, which also re-introduces\n the aforementioned flaw. \n \n This update also fixes the following bug:\n \n Prior to this update, the mod_proxy_wstunnel module failed to set\n up an SSL connection when configured to use a back end server using\n the wss: URL scheme, causing proxied connections to fail. In these\n updated packages, SSL is used when proxying to wss: back end servers\n (rhbz#1141950). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFnRImqjQ0CJFipgRAhbAAKDF22tbaWSxzaiqvhq0t6uM1bwWvgCfVNIJ\n7XU6s8wMPlxQucpKSIVIKYI=\n=4uS5\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd24-httpd security update\nAdvisory ID: RHSA-2015:1666-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1666.html\nIssue date: 2015-08-24\nCVE Names: CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 \n CVE-2015-3185 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd24-httpd packages that fix multiple security issues are now\navailable for Red Hat Software Collections 2. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nIt was discovered that in httpd 2.4, the internal API function\nap_some_auth_required() could incorrectly indicate that a request was\nauthenticated even when no authentication was used. An httpd module using\nthis API function could consequently allow access that should have been\ndenied. (CVE-2015-3185)\n\nNote: This update introduces new a new API function,\nap_some_authn_required(), which correctly indicates if a request is\nauthenticated. External httpd modules using the old API function should be\nmodified to use the new one to completely resolve this issue. \n\nA denial of service flaw was found in the way the mod_lua httpd module\nprocessed certain WebSocket Ping requests. (CVE-2015-0228)\n\nA NULL pointer dereference flaw was found in the way httpd generated\ncertain error responses. A remote attacker could possibly use this flaw to\ncrash the httpd child process using a request that triggers a certain HTTP\nerror. (CVE-2015-0253)\n\nAll httpd24-httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0228\nhttps://access.redhat.com/security/cve/CVE-2015-0253\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3185\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H\ny5DWl0MjeqKeAOHiddwyDdU=\n=yzQP\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These issues were addressed by updating Apache to\nversion 2.4.16. \nCVE-ID\nCVE-2013-5704\nCVE-2014-3581\nCVE-2014-3583\nCVE-2014-8109\nCVE-2015-0228\nCVE-2015-0253\nCVE-2015-3183\nCVE-2015-3185\n\nBIND\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities in BIND, the most severe of which\nmay allow a remote attacker to cause a denial of service\nDescription: Multiple vulnerabilities existed in BIND versions prior\nto 9.9.7. These issues were addressed by updating BIND to version\n9.9.7. \nCVE-ID\nCVE-2014-8500\nCVE-2015-1349\n\nPostgreSQL\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities in PostgreSQL, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in PostgreSQL versions\nprior to 9.3.9. These issues were addressed by updating PostgreSQL to\nversion 9.3.9. \nCVE-ID\nCVE-2014-0067\nCVE-2014-8161\nCVE-2015-0241\nCVE-2015-0242\nCVE-2015-0243\nCVE-2015-0244\nCVE-2015-3165\nCVE-2015-3166\nCVE-2015-3167\n\nWiki Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple XML security issues in Wiki Server\nDescription: Multiple XML vulnerabilities existed in Wiki Server\nbased on Twisted. This issue was addressed by removing Twisted. \nCVE-ID\nCVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research\nCenter\n\n\nOS X Server 5.0.3 may be obtained from the Mac App Store. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. \n This update fixes the following security issues:\n * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local\n URL-path with the INCLUDES filter active, introduced in 2.4.11. \n * CVE-2015-3183: core: Fix chunk header parsing defect. Remove\n apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN\n filter, parse chunks in a single pass with zero copy. Limit accepted\n chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. \n * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache\n httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz\n\nSlackware x86_64 -current package:\n70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg httpd-2.4.16-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "73041"
},
{
"db": "VULHUB",
"id": "VHN-78174"
},
{
"db": "VULMON",
"id": "CVE-2015-0228"
},
{
"db": "PACKETSTORM",
"id": "130735"
},
{
"db": "PACKETSTORM",
"id": "131098"
},
{
"db": "PACKETSTORM",
"id": "133281"
},
{
"db": "PACKETSTORM",
"id": "133619"
},
{
"db": "PACKETSTORM",
"id": "132743"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0228",
"trust": 3.4
},
{
"db": "BID",
"id": "91787",
"trust": 2.1
},
{
"db": "BID",
"id": "73041",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1032967",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU99970459",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-136",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "133281",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132743",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-78174",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131098",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133619",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78174"
},
{
"db": "VULMON",
"id": "CVE-2015-0228"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "73041"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"db": "PACKETSTORM",
"id": "130735"
},
{
"db": "PACKETSTORM",
"id": "131098"
},
{
"db": "PACKETSTORM",
"id": "133281"
},
{
"db": "PACKETSTORM",
"id": "133619"
},
{
"db": "PACKETSTORM",
"id": "132743"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-136"
},
{
"db": "NVD",
"id": "CVE-2015-0228"
}
]
},
"id": "VAR-201503-0050",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78174"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:55:20.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"title": "APPLE-SA-2015-09-16-4 OS X Server 5.0.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"title": "HT205219",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205219"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT205031"
},
{
"title": "HT205219",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205219"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205031"
},
{
"title": "Apache 2.4.13",
"trust": 0.8,
"url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES"
},
{
"title": "*) SECURITY: CVE-2015-0228 (cve.mitre.org)",
"trust": 0.8,
"url": "https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "modules-lua-lua_request.c",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54055"
},
{
"title": "Red Hat: CVE-2015-0228",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-0228"
},
{
"title": "Amazon Linux AMI: ALAS-2015-579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-579"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2523-1"
},
{
"title": "DC-2: Vulnhub Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough "
},
{
"title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-136"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78174"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"db": "NVD",
"id": "CVE-2015-0228"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://advisories.mageia.org/mgasa-2015-0099.html"
},
{
"trust": 2.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1666.html"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2523-1"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/73041"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht205219"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1032967"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html"
},
{
"trust": 1.2,
"url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/changes"
},
{
"trust": 1.2,
"url": "https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef"
},
{
"trust": 1.2,
"url": "https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0228"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99970459/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0228"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef"
},
{
"trust": 0.6,
"url": "https://github.com/apache/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd/branches/2.4.x/changes"
},
{
"trust": 0.6,
"url": "http://svn.apache.org/repos/asf/"
},
{
"trust": 0.6,
"url": "httpd/commit/78eb3b9235515652ed141353d98c239237030410"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs."
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0228"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/changes"
},
{
"trust": 0.3,
"url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8109"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3581"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0253"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0228"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3583"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2523-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.10-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.15"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0305.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5704"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0527.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5704"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0118"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0135.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0011.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6438"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0098"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3581"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0117"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3183"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0253"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0243"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1349"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3166"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3165"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0244"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3183"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0253"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3185"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78174"
},
{
"db": "VULMON",
"id": "CVE-2015-0228"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "73041"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"db": "PACKETSTORM",
"id": "130735"
},
{
"db": "PACKETSTORM",
"id": "131098"
},
{
"db": "PACKETSTORM",
"id": "133281"
},
{
"db": "PACKETSTORM",
"id": "133619"
},
{
"db": "PACKETSTORM",
"id": "132743"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-136"
},
{
"db": "NVD",
"id": "CVE-2015-0228"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78174"
},
{
"db": "VULMON",
"id": "CVE-2015-0228"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "73041"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"db": "PACKETSTORM",
"id": "130735"
},
{
"db": "PACKETSTORM",
"id": "131098"
},
{
"db": "PACKETSTORM",
"id": "133281"
},
{
"db": "PACKETSTORM",
"id": "133619"
},
{
"db": "PACKETSTORM",
"id": "132743"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-136"
},
{
"db": "NVD",
"id": "CVE-2015-0228"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-78174"
},
{
"date": "2015-03-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0228"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2015-03-11T00:00:00",
"db": "BID",
"id": "73041"
},
{
"date": "2015-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"date": "2015-03-10T16:02:55",
"db": "PACKETSTORM",
"id": "130735"
},
{
"date": "2015-03-30T21:25:14",
"db": "PACKETSTORM",
"id": "131098"
},
{
"date": "2015-08-24T22:06:47",
"db": "PACKETSTORM",
"id": "133281"
},
{
"date": "2015-09-19T15:37:27",
"db": "PACKETSTORM",
"id": "133619"
},
{
"date": "2015-07-20T15:45:36",
"db": "PACKETSTORM",
"id": "132743"
},
{
"date": "2015-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-136"
},
{
"date": "2015-03-08T02:59:00.073000",
"db": "NVD",
"id": "CVE-2015-0228"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-78174"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0228"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-20T12:03:00",
"db": "BID",
"id": "73041"
},
{
"date": "2016-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001673"
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-136"
},
{
"date": "2023-11-07T02:23:19.863000",
"db": "NVD",
"id": "CVE-2015-0228"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130735"
},
{
"db": "PACKETSTORM",
"id": "133281"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-136"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache HTTP Server of mod_lua Service disruption in modules (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001673"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-136"
}
],
"trust": 0.6
}
}
var-201505-0233
Vulnerability from variot
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable.
-
VCX v9.8.17 for the following Products/SKUs:
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
HISTORY Version:1 (rev.1) - 16 December 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. 6) - i386, x86_64
- Description:
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)
Note: This update forces the TLS/SSL client implementation in IBM JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. All running instances of IBM Java must be restarted for the update to take effect. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401) 1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment) 1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
Gentoo Linux Security Advisory GLSA 201603-11
https://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: March 12, 2016 Bugs: #525472, #540054, #546678, #554886, #563684, #572432 ID: 201603-11
Synopsis
Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service.
Background
Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications require.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/oracle-jre-bin < 1.8.0.72 >= 1.8.0.72 2 dev-java/oracle-jdk-bin < 1.8.0.72 >= 1.8.0.72 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities exist in both Oracle's JRE and JDK. Please review the referenced CVE's for additional information.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JRE Users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.72"
All Oracle JDK Users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.72"
References
[ 1 ] CVE-2015-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437 [ 2 ] CVE-2015-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437 [ 3 ] CVE-2015-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458 [ 4 ] CVE-2015-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459 [ 5 ] CVE-2015-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460 [ 6 ] CVE-2015-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469 [ 7 ] CVE-2015-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470 [ 8 ] CVE-2015-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477 [ 9 ] CVE-2015-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478 [ 10 ] CVE-2015-0480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480 [ 11 ] CVE-2015-0484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484 [ 12 ] CVE-2015-0486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486 [ 13 ] CVE-2015-0488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488 [ 14 ] CVE-2015-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491 [ 15 ] CVE-2015-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492 [ 16 ] CVE-2015-2590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590 [ 17 ] CVE-2015-2601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601 [ 18 ] CVE-2015-2613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613 [ 19 ] CVE-2015-2619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619 [ 20 ] CVE-2015-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621 [ 21 ] CVE-2015-2625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625 [ 22 ] CVE-2015-2627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627 [ 23 ] CVE-2015-2628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628 [ 24 ] CVE-2015-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632 [ 25 ] CVE-2015-2637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637 [ 26 ] CVE-2015-2638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638 [ 27 ] CVE-2015-2659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659 [ 28 ] CVE-2015-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664 [ 29 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000 [ 30 ] CVE-2015-4729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729 [ 31 ] CVE-2015-4731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731 [ 32 ] CVE-2015-4732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732 [ 33 ] CVE-2015-4733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733 [ 34 ] CVE-2015-4734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734 [ 35 ] CVE-2015-4734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734 [ 36 ] CVE-2015-4736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736 [ 37 ] CVE-2015-4748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748 [ 38 ] CVE-2015-4760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760 [ 39 ] CVE-2015-4803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803 [ 40 ] CVE-2015-4803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803 [ 41 ] CVE-2015-4805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805 [ 42 ] CVE-2015-4805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805 [ 43 ] CVE-2015-4806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806 [ 44 ] CVE-2015-4806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806 [ 45 ] CVE-2015-4810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810 [ 46 ] CVE-2015-4810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810 [ 47 ] CVE-2015-4835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835 [ 48 ] CVE-2015-4835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835 [ 49 ] CVE-2015-4840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840 [ 50 ] CVE-2015-4840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840 [ 51 ] CVE-2015-4842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842 [ 52 ] CVE-2015-4842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842 [ 53 ] CVE-2015-4843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843 [ 54 ] CVE-2015-4843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843 [ 55 ] CVE-2015-4844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844 [ 56 ] CVE-2015-4844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844 [ 57 ] CVE-2015-4860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860 [ 58 ] CVE-2015-4860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860 [ 59 ] CVE-2015-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868 [ 60 ] CVE-2015-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868 [ 61 ] CVE-2015-4871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871 [ 62 ] CVE-2015-4871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871 [ 63 ] CVE-2015-4872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872 [ 64 ] CVE-2015-4872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872 [ 65 ] CVE-2015-4881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881 [ 66 ] CVE-2015-4881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881 [ 67 ] CVE-2015-4882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882 [ 68 ] CVE-2015-4882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882 [ 69 ] CVE-2015-4883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883 [ 70 ] CVE-2015-4883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883 [ 71 ] CVE-2015-4893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893 [ 72 ] CVE-2015-4893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893 [ 73 ] CVE-2015-4901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901 [ 74 ] CVE-2015-4901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901 [ 75 ] CVE-2015-4902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902 [ 76 ] CVE-2015-4902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902 [ 77 ] CVE-2015-4903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903 [ 78 ] CVE-2015-4903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903 [ 79 ] CVE-2015-4906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906 [ 80 ] CVE-2015-4906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906 [ 81 ] CVE-2015-4908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908 [ 82 ] CVE-2015-4908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908 [ 83 ] CVE-2015-4911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911 [ 84 ] CVE-2015-4911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911 [ 85 ] CVE-2015-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916 [ 86 ] CVE-2015-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916 [ 87 ] CVE-2015-7840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840 [ 88 ] CVE-2015-7840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04773004
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04773004 Version: 1
HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-25 Last Updated: 2015-08-25
Potential Security Impact: Remote unauthorized modification, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HP Integration Adaptor. - The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information.
References:
CVE-2015-4000 - "Logjam" CVE-2015-2808 - "Bar Mitzvah" SSRT102214
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Integration Adaptor v9.12.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following mitigation information available to resolve the vulnerability for the impacted versions of HP Integration Adaptor.
Please consult HP Software Support Online (SSO):
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/face
tsearch/document/KM01763510?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE
HISTORY Version:1 (rev.1) - 25 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Customers unable to apply the update should contact HPE Support to discuss options. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 update Advisory ID: RHSA-2016:2056-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2056.html Issue date: 2016-10-12 CVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
-
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)
-
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)
-
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute
- References:
https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2688611 https://access.redhat.com/solutions/222023 https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/ https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX/nC9XlSAg2UNWIIRAnxyAJ9e/4EllYuokmkD6tLkfhHL3pZ0mQCgh8zG yB8E4qH53UH71bMzQwek8yU= =eQHg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . OpenSSL Security Advisory [11 Jun 2015] =======================================
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).
OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n
Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.
Malformed ECParameters causes infinite loop (CVE-2015-1788)
Severity: Moderate
When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.
This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. 1.0.0d and 0.9.8r and below are affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.
Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
Severity: Moderate
X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.
An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.
PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
Severity: Moderate
The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.
CMS verify infinite loop with unknown hash function (CVE-2015-1792)
Severity: Moderate
When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.
This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
Race condition handling NewSessionTicket (CVE-2015-1791)
Severity: Low
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.
Invalid free in DTLS (CVE-2014-8176)
Severity: Moderate
This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.
If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.
This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.
The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0233",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firefox os",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.2"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "38.1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "38.1"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "2.35"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "39.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.19"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "sparc-opl service processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1121"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "jrockit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "r28.3.6"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1m"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "b.11.31"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "junos 12.1x44-d20",
"scope": null,
"trust": 0.9,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d25",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.3"
},
{
"model": "security network controller 1.0.3361m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "registered envelope service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "junos 12.1x44-d33",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "junos 12.1x47-d25",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.4"
},
{
"model": "worklight foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.20"
},
{
"model": "junos 13.3r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.35"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1209"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.4"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "netinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.2.2"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14"
},
{
"model": "rational automation framework ifix5",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "junos 12.1x44-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3361"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "hp-ux b.11.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.13-34"
},
{
"model": "junos 12.1x44-d51",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "worklight foundation enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.20"
},
{
"model": "agent for openflow",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x44-d34",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.3r6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "imc products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "digital media players series 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "junos 12.1x47-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.16-37"
},
{
"model": "digital media players 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos 12.1x44-d50",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.1r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.11"
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "junos 12.3x48-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4-23"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.25-57"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.18-43"
},
{
"model": "telepresence conductor xc4.0",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.16"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "ethernet switch es2-64",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.0.6"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.15"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.913"
},
{
"model": "junos 12.3x48-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aspera enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "junos d30",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.0"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.11-28"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "ethernet switch es2-72",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.0.6"
},
{
"model": "junos 15.1r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.36"
},
{
"model": "security network controller 1.0.3350m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "junos 14.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5.1"
},
{
"model": "junos 14.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "ethernet switch es2-64",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.34"
},
{
"model": "digital media players 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "jd edwards world security a9.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "junos 13.3r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60000"
},
{
"model": "packet tracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "registered envelope service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4.1"
},
{
"model": "aspera orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "junos 12.3r6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "ethernet switch es2-72",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "partner supporting service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "oss support tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9.15.9.8"
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.15-36"
},
{
"model": "junos 12.1x44-d55",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d40",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos 12.1x44-d30.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 15.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller 1.0.3379m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "packet tracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "junos d20",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "comware products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "50"
},
{
"model": "prime network services controller 3.4.1c",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.1"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.0"
},
{
"model": "hp-ux b.11.11.16.09",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1768"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "webex messenger service ep1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.9.9"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.15"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2919"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "hp-ux b.11.11.13.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 14.1r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "comware products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "70"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.13"
},
{
"model": "10.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "hp-ux b.11.23.1.007",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.5.0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "prime security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.4.2-4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.29-9"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "industrial router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9100"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "security network controller 1.0.3352m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security manager sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.8"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "rational tau interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "local collector appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.10"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "project openssl 1.0.1n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 13.2x51-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "junos 14.2r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "digital media players",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos d10",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 12.1x46-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "hp-ux b.11.11.02.008",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 12.1x44-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2.0"
},
{
"model": "prime network services controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "aspera point to point",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "webex messenger service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x46-d55",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "netinsight",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.14"
},
{
"model": "junos 12.1x47-d11",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos 12.3r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3r7",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "esight network v300r003c10spc201",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "socialminer",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5.1"
},
{
"model": "junos 14.2r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "aspera faspex application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.2"
},
{
"model": "asa cx and cisco prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 13.2x51-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos 12.1x47-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "model d9485 davic qpsk",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "junos d35",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "vcx products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "junos 12.1x47-d45",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "nexus series fex",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "20000"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1.0"
},
{
"model": "security network controller 1.0.3381m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.3"
},
{
"model": "junos 12.1x44-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "rational tau interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "digital media players series 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "junos 12.1x46-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "hp-ux b.11.11.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.18-49"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "virtual security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "puredata system for analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "industrial router 1.2.1rb3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "910"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.13-41"
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.31"
},
{
"model": "hp-ux b.11.23.07.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "netezza host management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7.0"
},
{
"model": "unified attendant console standard",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.2d",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "junos 12.3x48-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3381"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9-34"
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43000"
},
{
"model": "security proventia network active bypass 0343c3c",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "junos 12.1x46-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "junos 12.3r11",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aspera proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.2"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "junos 13.3r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "esight network v300r003c10spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x47"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "junos 15.1x49-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3376"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.18-42"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "junos 14.1r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.4"
},
{
"model": "aspera enterprise server client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "worklight foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "aspera ondemand",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.4"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "junos 12.3r9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1876"
},
{
"model": "digital media players series 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "connected analytics for collaboration",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud service automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.5"
},
{
"model": "junos 12.1x44-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "worklight foundation enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "hp-ux b.11.11.14.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "webex node for mcs",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x44-d35.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "junos 12.3x48-d30",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.2c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.32"
},
{
"model": "virtual security gateway for microsoft hyper-v",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2.2.13"
},
{
"model": "services analytic platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "switch es1-24",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3.1.3"
},
{
"model": "security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.9"
},
{
"model": "security network controller 1.0.3376m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3379"
},
{
"model": "junos 13.2x51-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.2b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "junos 12.1x46-d36",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "hp-ux b.11.11.15.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "emergency responder",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "junos 15.1x49-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.2r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "model d9485 davic qpsk",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.19"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.1"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.33"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.6.0"
},
{
"model": "junos 12.1x46-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sun network 10ge switch 72p",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.2.15"
},
{
"model": "junos 12.1x47-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d32",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.3r10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "digital media players series 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "junos 12.1x44-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "75652"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Langley of Google and David Benjamin of BoringSSL.",
"sources": [
{
"db": "BID",
"id": "75652"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-4000",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2015-4000",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4000",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-428",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. \nOpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. \n\n + VCX v9.8.17 for the following Products/SKUs:\n\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 16 December 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601,\nCVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638,\nCVE-2015-2664, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733,\nCVE-2015-4748, CVE-2015-4749, CVE-2015-4760)\n\nNote: This update forces the TLS/SSL client implementation in IBM JDK to\nreject DH key sizes below 768 bits to address the CVE-2015-4000 issue. \nRefer to Red Hat Bugzilla bug 1223211, linked to in the References section,\nfor additional details about this change. All running\ninstances of IBM Java must be restarted for the update to take effect. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)\n1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)\n1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)\n1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)\n1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)\n1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)\n1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)\n1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)\n1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)\n1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)\n1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)\n1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)\n1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)\n1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)\n1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201603-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: March 12, 2016\n Bugs: #525472, #540054, #546678, #554886, #563684, #572432\n ID: 201603-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Oracle\u0027s JRE and JDK\nsoftware suites allowing remote attackers to remotely execute arbitrary\ncode, obtain information, and cause Denial of Service. \n\nBackground\n==========\n\nJava Platform, Standard Edition (Java SE) lets you develop and deploy\nJava applications on desktops and servers, as well as in today\u0027s\ndemanding embedded environments. Java offers the rich user interface,\nperformance, versatility, portability, and security that today\u0027s\napplications require. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/oracle-jre-bin \u003c 1.8.0.72 \u003e= 1.8.0.72\n 2 dev-java/oracle-jdk-bin \u003c 1.8.0.72 \u003e= 1.8.0.72\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities exist in both Oracle\u0027s JRE and JDK. Please\nreview the referenced CVE\u0027s for additional information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JRE Users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.8.0.72\"\n\nAll Oracle JDK Users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.8.0.72\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437\n[ 2 ] CVE-2015-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437\n[ 3 ] CVE-2015-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458\n[ 4 ] CVE-2015-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459\n[ 5 ] CVE-2015-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460\n[ 6 ] CVE-2015-0469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469\n[ 7 ] CVE-2015-0470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470\n[ 8 ] CVE-2015-0477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477\n[ 9 ] CVE-2015-0478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478\n[ 10 ] CVE-2015-0480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480\n[ 11 ] CVE-2015-0484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484\n[ 12 ] CVE-2015-0486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486\n[ 13 ] CVE-2015-0488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488\n[ 14 ] CVE-2015-0491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491\n[ 15 ] CVE-2015-0492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492\n[ 16 ] CVE-2015-2590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590\n[ 17 ] CVE-2015-2601\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601\n[ 18 ] CVE-2015-2613\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613\n[ 19 ] CVE-2015-2619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619\n[ 20 ] CVE-2015-2621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621\n[ 21 ] CVE-2015-2625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625\n[ 22 ] CVE-2015-2627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627\n[ 23 ] CVE-2015-2628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628\n[ 24 ] CVE-2015-2632\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632\n[ 25 ] CVE-2015-2637\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637\n[ 26 ] CVE-2015-2638\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638\n[ 27 ] CVE-2015-2659\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659\n[ 28 ] CVE-2015-2664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664\n[ 29 ] CVE-2015-4000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n[ 30 ] CVE-2015-4729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729\n[ 31 ] CVE-2015-4731\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731\n[ 32 ] CVE-2015-4732\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732\n[ 33 ] CVE-2015-4733\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733\n[ 34 ] CVE-2015-4734\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734\n[ 35 ] CVE-2015-4734\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734\n[ 36 ] CVE-2015-4736\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736\n[ 37 ] CVE-2015-4748\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748\n[ 38 ] CVE-2015-4760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760\n[ 39 ] CVE-2015-4803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803\n[ 40 ] CVE-2015-4803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803\n[ 41 ] CVE-2015-4805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805\n[ 42 ] CVE-2015-4805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805\n[ 43 ] CVE-2015-4806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806\n[ 44 ] CVE-2015-4806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806\n[ 45 ] CVE-2015-4810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810\n[ 46 ] CVE-2015-4810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810\n[ 47 ] CVE-2015-4835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835\n[ 48 ] CVE-2015-4835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835\n[ 49 ] CVE-2015-4840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840\n[ 50 ] CVE-2015-4840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840\n[ 51 ] CVE-2015-4842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842\n[ 52 ] CVE-2015-4842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842\n[ 53 ] CVE-2015-4843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843\n[ 54 ] CVE-2015-4843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843\n[ 55 ] CVE-2015-4844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844\n[ 56 ] CVE-2015-4844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844\n[ 57 ] CVE-2015-4860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860\n[ 58 ] CVE-2015-4860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860\n[ 59 ] CVE-2015-4868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868\n[ 60 ] CVE-2015-4868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868\n[ 61 ] CVE-2015-4871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871\n[ 62 ] CVE-2015-4871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871\n[ 63 ] CVE-2015-4872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872\n[ 64 ] CVE-2015-4872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872\n[ 65 ] CVE-2015-4881\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881\n[ 66 ] CVE-2015-4881\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881\n[ 67 ] CVE-2015-4882\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882\n[ 68 ] CVE-2015-4882\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882\n[ 69 ] CVE-2015-4883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883\n[ 70 ] CVE-2015-4883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883\n[ 71 ] CVE-2015-4893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893\n[ 72 ] CVE-2015-4893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893\n[ 73 ] CVE-2015-4901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901\n[ 74 ] CVE-2015-4901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901\n[ 75 ] CVE-2015-4902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902\n[ 76 ] CVE-2015-4902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902\n[ 77 ] CVE-2015-4903\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903\n[ 78 ] CVE-2015-4903\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903\n[ 79 ] CVE-2015-4906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906\n[ 80 ] CVE-2015-4906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906\n[ 81 ] CVE-2015-4908\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908\n[ 82 ] CVE-2015-4908\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908\n[ 83 ] CVE-2015-4911\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911\n[ 84 ] CVE-2015-4911\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911\n[ 85 ] CVE-2015-4916\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916\n[ 86 ] CVE-2015-4916\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916\n[ 87 ] CVE-2015-7840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840\n[ 88 ] CVE-2015-7840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04773004\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04773004\nVersion: 1\n\nHPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification,\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-25\nLast Updated: 2015-08-25\n\nPotential Security Impact: Remote unauthorized modification, disclosure of\ninformation\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in HP Integration\nAdaptor. \n - The RC4 stream cipher vulnerability in SSL/TLS known as \"Bar Mitzvah\"\ncould be exploited remotely to allow disclosure of information. \n\nReferences:\n\nCVE-2015-4000 - \"Logjam\"\nCVE-2015-2808 - \"Bar Mitzvah\"\nSSRT102214\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Integration Adaptor v9.12. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following mitigation information available to resolve the\nvulnerability for the impacted versions of HP Integration Adaptor. \n\n Please consult HP Software Support Online (SSO):\n\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/face\ntsearch/document/KM01763510?lang=en\u0026cc=us\u0026hpappid=113963_OSP_PRO_HPE\n\nHISTORY\nVersion:1 (rev.1) - 25 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Customers unable to apply the update should contact\nHPE Support to discuss options. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 update\nAdvisory ID: RHSA-2016:2056-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-2056.html\nIssue date: 2016-10-12\nCVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 \n CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 \n CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. All users of Red Hat JBoss Enterprise Application\nPlatform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these\nupdated packages. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\n* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2015-4000)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for\nreporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert\nBost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno\nBAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105\nand CVE-2016-2106. \n\n3. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2688611\nhttps://access.redhat.com/solutions/222023\nhttps://access.redhat.com/documentation/en/jboss-enterprise-application-platform/\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX/nC9XlSAg2UNWIIRAnxyAJ9e/4EllYuokmkD6tLkfhHL3pZ0mQCgh8zG\nyB8E4qH53UH71bMzQwek8yU=\n=eQHg\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates. This includes TLS clients and TLS servers with\nclient authentication enabled. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4000"
},
{
"db": "BID",
"id": "75652"
},
{
"db": "PACKETSTORM",
"id": "134902"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "136247"
},
{
"db": "PACKETSTORM",
"id": "139116"
},
{
"db": "PACKETSTORM",
"id": "169629"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4000",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1033891",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032932",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1036218",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033341",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033513",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032654",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032650",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032649",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032871",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032653",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1034728",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1034884",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033222",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032699",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032759",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033064",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032476",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032688",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1040630",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032645",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032475",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032656",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1034087",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032648",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033065",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032856",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033416",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032864",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033208",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032702",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033209",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032655",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032784",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033991",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033430",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032778",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032637",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032884",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033019",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032960",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032651",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032783",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032777",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033760",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032865",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032727",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033385",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032474",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033210",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032652",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032647",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033433",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1033067",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1032910",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/05/20/8",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.6
},
{
"db": "JUNIPER",
"id": "JSA10681",
"trust": 1.6
},
{
"db": "JUNIPER",
"id": "JSA10727",
"trust": 1.6
},
{
"db": "BID",
"id": "91787",
"trust": 1.6
},
{
"db": "BID",
"id": "74733",
"trust": 1.6
},
{
"db": "MCAFEE",
"id": "SB10122",
"trust": 1.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3475",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1333",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201505-428",
"trust": 0.6
},
{
"db": "JUNIPER",
"id": "JSA10694",
"trust": 0.3
},
{
"db": "BID",
"id": "75652",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "134902",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133039",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132803",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133337",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136247",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139116",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169629",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "75652"
},
{
"db": "PACKETSTORM",
"id": "134902"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "136247"
},
{
"db": "PACKETSTORM",
"id": "139116"
},
{
"db": "PACKETSTORM",
"id": "169629"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"id": "VAR-201505-0233",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.55852813
},
"last_update_date": "2024-09-19T22:27:23Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TLS Fixing measures for protocol encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=89458"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.2,
"url": "http://support.citrix.com/article/ctx201114"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1604.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1486.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
},
{
"trust": 1.7,
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032960"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033019"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032727"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04953655"
},
{
"trust": 1.6,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
},
{
"trust": 1.6,
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033385"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032856"
},
{
"trust": 1.6,
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128722"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159351.html"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-2656-2"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"trust": 1.6,
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-2656-1"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032702"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04772190"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1072.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1241.html"
},
{
"trust": 1.6,
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10681"
},
{
"trust": 1.6,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"trust": 1.6,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.1_release_notes"
},
{
"trust": 1.6,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03831en_us"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1185.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/74733"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033222"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033341"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032932"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05193083"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1488.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1229.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1242.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04926789"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"trust": 1.6,
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033433"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1034884"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"trust": 1.6,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032474"
},
{
"trust": 1.6,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04876402"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160117.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032476"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032475"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033208"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032910"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04923929"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033209"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1243.html"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04718196"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033210"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033416"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032688"
},
{
"trust": 1.6,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04770140"
},
{
"trust": 1.6,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.6,
"url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1485.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032699"
},
{
"trust": 1.6,
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"trust": 1.6,
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht204941"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1040630"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"trust": 1.6,
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033430"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1034087"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032784"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032783"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10727"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033513"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1034728"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"trust": 1.6,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04918839"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159314.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033760"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"trust": 1.6,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033891"
},
{
"trust": 1.6,
"url": "https://www.suse.com/security/cve/cve-2015-4000.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1228.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032884"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04740527"
},
{
"trust": 1.6,
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032647"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032645"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1230.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032649"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032648"
},
{
"trust": 1.6,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098403"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033064"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1544.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032650"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033067"
},
{
"trust": 1.6,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"trust": 1.6,
"url": "https://puppet.com/security/cve/cve-2015-4000"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033065"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032654"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032653"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032652"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032651"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032778"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032656"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032777"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1036218"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032655"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1624.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04832246"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-2673-1"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-2696-1"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1033991"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032865"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032864"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-2706-1"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 1.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773119"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032871"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"trust": 1.6,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032759"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1032637"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"trust": 1.6,
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1526.html"
},
{
"trust": 1.6,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
},
{
"trust": 1.6,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04949778"
},
{
"trust": 1.0,
"url": "https://weakdh.org/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm11073000"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1333"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments-are-vulnerabile-to-logjam/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus-vulnerable-to-logjam-cve-2015-4000/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3475/"
},
{
"trust": 0.3,
"url": "https://mta.openssl.org/pipermail/openssl-announce/2015-july/000037.html"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/entries/94843988-security-bulletin-openssl-,-tls-vulnerabilities-logjam-cve-2015-4000"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/aug/13"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/secadv_20150709.txt"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04822825"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150710-openssl"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454058.htm"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964231"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21965399"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962398"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962929"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963448"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html#2015-1793"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965725"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965807"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2601"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-4000"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2632"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2621"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2638"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2625"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2590"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2664"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2637"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4732"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4760"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2621"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2601"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4732"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4760"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2632"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2664"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-1931"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4733"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4748"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4731"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2638"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4749"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1931"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2590"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2637"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4731"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4734"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2621"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2627"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0458"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2659"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4911"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4732"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4906"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4882"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0488"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4868"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4902"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0484"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0488"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2619"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2637"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4844"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4736"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4842"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0480"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2659"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4760"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4810"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0437"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2627"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4893"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2613"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2601"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2619"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4871"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2628"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0486"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2638"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0492"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4748"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4901"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4881"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4806"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2625"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4803"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0491"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0491"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4729"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0486"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4843"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4860"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2664"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0484"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2613"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4731"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4883"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/face"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2808"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2688611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/222023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/secpolicy.html"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/releasestrat.html),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.1,
"url": "https://rt.openssl.org/ticket/display.html?id=3286"
}
],
"sources": [
{
"db": "BID",
"id": "75652"
},
{
"db": "PACKETSTORM",
"id": "134902"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "136247"
},
{
"db": "PACKETSTORM",
"id": "139116"
},
{
"db": "PACKETSTORM",
"id": "169629"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "75652"
},
{
"db": "PACKETSTORM",
"id": "134902"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "136247"
},
{
"db": "PACKETSTORM",
"id": "139116"
},
{
"db": "PACKETSTORM",
"id": "169629"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-09T00:00:00",
"db": "BID",
"id": "75652"
},
{
"date": "2015-12-17T06:44:54",
"db": "PACKETSTORM",
"id": "134902"
},
{
"date": "2015-08-12T19:42:09",
"db": "PACKETSTORM",
"id": "133039"
},
{
"date": "2015-07-22T22:38:54",
"db": "PACKETSTORM",
"id": "132803"
},
{
"date": "2016-03-14T14:43:36",
"db": "PACKETSTORM",
"id": "136182"
},
{
"date": "2015-08-26T23:41:29",
"db": "PACKETSTORM",
"id": "133337"
},
{
"date": "2016-03-15T13:13:00",
"db": "PACKETSTORM",
"id": "136247"
},
{
"date": "2016-10-12T23:44:55",
"db": "PACKETSTORM",
"id": "139116"
},
{
"date": "2015-06-11T12:12:12",
"db": "PACKETSTORM",
"id": "169629"
},
{
"date": "2015-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-428"
},
{
"date": "2015-05-21T00:59:00.087000",
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-26T05:10:00",
"db": "BID",
"id": "75652"
},
{
"date": "2023-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-428"
},
{
"date": "2023-02-09T16:15:28.840000",
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TLS Encryption problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-428"
}
],
"trust": 0.6
}
}
var-201501-0339
Vulnerability from variot
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2014-3569
Frank Schmirler reported that the ssl23_get_client_hello function in
OpenSSL does not properly handle attempts to use unsupported
protocols.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc. This
allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks
and trigger a loss of forward secrecy.
CVE-2014-8275
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project
and Konrad Kraszewski of Google reported various certificate
fingerprint issues, which allow remote attackers to defeat a
fingerprint-based certificate-blacklist protection mechanism.
For the upcoming stable distribution (jessie), these problems will be fixed soon. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-3570]
III. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of the session. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04602055
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04602055 Version: 1
HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code Execution, Denial of Service, Disclosure of information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-03-20 Last Updated: 2015-03-20
Potential Security Impact: Remote code execution, denial of service, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP ThinPro Linux This is the glibc vulnerability known as "GHOST", which could be exploited remotely to allow execution of arbitrary code. This update also addresses other vulnerabilities in SSL that would remotely allow denial of service, disclosure of information and other vulnerabilities.
References:
CVE-2015-0235 (SSRT101953) CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ThinPro Linux (x86) v5.1 HP ThinPro Linux (x86) v5.0 HP ThinPro Linux (x86) v4.4 HP ThinPro Linux (x86) v4.3 HP ThinPro Linux (x86) v4.2 HP ThinPro Linux (x86) v4.1 HP ThinPro Linux (ARM) v4.4 HP ThinPro Linux (ARM) v4.3 HP ThinPro Linux (ARM) v4.2 HP ThinPro Linux (ARM) v4.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software updates to resolve the vulnerability for HP ThinPro Linux.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
HISTORY Version:1 (rev.1) - 20 March 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make all the necessary changes.
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "powerlinux 7r2",
"scope": "eq",
"trust": 1.2,
"vendor": "ibm",
"version": "0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7200"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7700"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7800"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7100"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7400"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "5200"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "5700"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7300"
},
{
"model": "powerlinux 7r1",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7600"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "bladecenter advanced management module 25r5778",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "power system s822",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1948"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "783.00"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205635"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.80"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "flex system p270 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7954-24x)0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "6"
},
{
"model": "power systems e870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.50"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "flex system p260 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-23x)0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "junos os 13.3r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "insight control server provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.70"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.21"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems 350.c0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "workflow for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5750"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "7"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "power system s814",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.21"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.4"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.00"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.40"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.b1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.e0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.21"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8720"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems 350.e1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.00"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8886"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "power systems 350.a0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "upward integration modules hardware management pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "mq client for hp integrity nonstop server supportpac mqc8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-0"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "general parallel file system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "upward integration modules integrated installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7967"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.00"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.02"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.22"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "820.03"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8852"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8750"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.1"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205577"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "websphere mq for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v6"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "security proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.16"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.81"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.00"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 12.3r10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.11"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.50"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "cms r17 r4",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.60"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1881"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.00"
},
{
"model": "powerlinux 7r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere master data management patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "power systems 350.b0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.5.03.00"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "power ese",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "cognos controller if1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.3"
},
{
"model": "as infinity",
"scope": "ne",
"trust": 0.3,
"vendor": "pexip",
"version": "8.1"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "820.02"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.00"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.11"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1.7"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "linux enterprise server for vmware sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7779"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "flex system p260 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-22x)0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "jabber voice for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "52056340"
},
{
"model": "ctpos 7.0r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "power system s824l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "system m4 hd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.80"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.30"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "infosphere master data management provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "560"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "power 795",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.51"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.21"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power system s822l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5504667"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.10"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205587"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "ringmaster appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.60"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.19"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "ctpview 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "cognos controller interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.41"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bladecenter js22",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7998-61x)0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "vgw",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.5"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.20"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.32"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.15"
},
{
"model": "upward integration modules hardware management pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "src series",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "bladecenter js23",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7778-23x)0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "3"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "52056330"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "bladecenter js43 with feature code",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7778-23x8446)0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.51"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x330073820"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "2"
},
{
"model": "power system s824",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "ctp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7500"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "power systems e880",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "ctpos 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "mq appliance m2000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "flex system p460 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-42x)0"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "screenos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "bladecenter t advanced management module 32r0835",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.10"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8734-"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.61"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.20"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.90"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.02"
},
{
"model": "bladecenter js12 express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7998-60x)0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8730"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "version control repository manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.50"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7989"
},
{
"model": "websphere mq client for hp integrity nonstop server supportpac",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-0"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.20"
},
{
"model": "cognos controller if3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.11"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "flex system p24l compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8740"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "websphere mq for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "power system s812l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.10"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "mobile messaging and m2m client pack (eclipse paho mqtt c client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pulse secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.00"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8731-"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "783.01"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "insight control",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.10"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"model": "server migration pack",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "cognos controller fp1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "project openssl 1.0.0h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "server migration pack",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.01"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.d0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1886"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.40"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "74.90"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35001.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.40"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "flex system p260 compute node /fc efd9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5950"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "junos os 12.3x48-d10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8677"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.2"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.5"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "ctpos 6.6r5",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 13.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.01"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.52"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "550"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "matrix operating environment",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5504965"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.70"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.31"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "flex system p460 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-43x)0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79190"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.00"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli provisioning manager for images system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
}
],
"sources": [
{
"db": "BID",
"id": "71941"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
},
{
"db": "NVD",
"id": "CVE-2015-0205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "132763"
}
],
"trust": 0.4
},
"cve": "CVE-2015-0205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0205",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0205",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0205",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0205"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
},
{
"db": "NVD",
"id": "CVE-2015-0205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2014-3569\n\n Frank Schmirler reported that the ssl23_get_client_hello function in\n OpenSSL does not properly handle attempts to use unsupported\n protocols. \n\nCVE-2014-3571\n\n Markus Stenberg of Cisco Systems, Inc. This\n allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\n and trigger a loss of forward secrecy. \n\nCVE-2014-8275\n\n Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\n and Konrad Kraszewski of Google reported various certificate\n fingerprint issues, which allow remote attackers to defeat a\n fingerprint-based certificate-blacklist protection mechanism. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-3570]\n\nIII. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session. This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare. [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate\u0027s fingerprint. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04602055\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04602055\nVersion: 1\n\nHPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code\nExecution, Denial of Service, Disclosure of information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-20\nLast Updated: 2015-03-20\n\nPotential Security Impact: Remote code execution, denial of service,\ndisclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP ThinPro Linux\nThis is the glibc vulnerability known as \"GHOST\", which could be exploited\nremotely to allow execution of arbitrary code. This update also addresses\nother vulnerabilities in SSL that would remotely allow denial of service,\ndisclosure of information and other vulnerabilities. \n\nReferences:\n\nCVE-2015-0235 (SSRT101953)\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP ThinPro Linux (x86) v5.1\nHP ThinPro Linux (x86) v5.0\nHP ThinPro Linux (x86) v4.4\nHP ThinPro Linux (x86) v4.3\nHP ThinPro Linux (x86) v4.2\nHP ThinPro Linux (x86) v4.1\nHP ThinPro Linux (ARM) v4.4\nHP ThinPro Linux (ARM) v4.3\nHP ThinPro Linux (ARM) v4.2\nHP ThinPro Linux (ARM) v4.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve the vulnerability\nfor HP ThinPro Linux. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n\nHISTORY\nVersion:1 (rev.1) - 20 March 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libssl1.0.0 1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL\u0027s BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user\u0027s client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0205"
},
{
"db": "BID",
"id": "71941"
},
{
"db": "VULMON",
"id": "CVE-2015-0205"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130051"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0205",
"trust": 2.9
},
{
"db": "JUNIPER",
"id": "JSA10679",
"trust": 1.4
},
{
"db": "BID",
"id": "71941",
"trust": 1.4
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4252",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-172",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2015-0205",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129880",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133316",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129893",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137292",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130051",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0205"
},
{
"db": "BID",
"id": "71941"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
},
{
"db": "NVD",
"id": "CVE-2015-0205"
}
]
},
"id": "VAR-201501-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.42091520000000004
},
"last_update_date": "2024-09-17T22:33:37.483000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openssl-1.0.1k.tar.gz",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53191"
},
{
"title": "openssl-1.0.0p",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53190"
},
{
"title": "openssl-0.9.8zd",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53189"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150066 - Security Advisory"
},
{
"title": "Red Hat: CVE-2015-0205",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-0205"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2459-1"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-03"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "JPN_RIC13351-2",
"trust": 0.1,
"url": "https://github.com/neominds/JPN_RIC13351-2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0205"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"trust": 1.1,
"url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/71941"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4252/"
},
{
"trust": 0.3,
"url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
},
{
"trust": 0.3,
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101008182"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.3,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0205"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0066"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2459-1/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20150108.txt\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2459-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/info/insightcontrol"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/smh"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0205"
},
{
"db": "BID",
"id": "71941"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
},
{
"db": "NVD",
"id": "CVE-2015-0205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-0205"
},
{
"db": "BID",
"id": "71941"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
},
{
"db": "NVD",
"id": "CVE-2015-0205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0205"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71941"
},
{
"date": "2015-01-12T17:17:37",
"db": "PACKETSTORM",
"id": "129880"
},
{
"date": "2015-01-15T16:53:07",
"db": "PACKETSTORM",
"id": "129973"
},
{
"date": "2015-08-26T01:33:07",
"db": "PACKETSTORM",
"id": "133316"
},
{
"date": "2015-03-24T17:05:09",
"db": "PACKETSTORM",
"id": "130987"
},
{
"date": "2015-01-12T21:48:37",
"db": "PACKETSTORM",
"id": "129893"
},
{
"date": "2016-06-02T19:12:12",
"db": "PACKETSTORM",
"id": "137292"
},
{
"date": "2015-01-09T17:43:35",
"db": "PACKETSTORM",
"id": "129870"
},
{
"date": "2015-07-21T13:37:51",
"db": "PACKETSTORM",
"id": "132763"
},
{
"date": "2015-01-22T01:35:41",
"db": "PACKETSTORM",
"id": "130051"
},
{
"date": "2015-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-172"
},
{
"date": "2015-01-09T02:59:11.273000",
"db": "NVD",
"id": "CVE-2015-0205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0205"
},
{
"date": "2017-01-23T00:09:00",
"db": "BID",
"id": "71941"
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-172"
},
{
"date": "2017-11-15T02:29:05.890000",
"db": "NVD",
"id": "CVE-2015-0205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL \u2018 ssl3_get_cert_verify \u0027Function Encryption Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-172"
}
],
"trust": 0.6
}
}
var-201607-0174
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in Integrated Lights Out Manager. The vulnerability can be exploited over the 'HTTPS' protocol. The 'Emulex' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91952"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-777"
},
{
"db": "NVD",
"id": "CVE-2016-3585"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91952"
}
],
"trust": 0.6
},
"cve": "CVE-2016-3585",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-3585",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-92404",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2016-3585",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3585",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-3585",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-777",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-92404",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-3585",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92404"
},
{
"db": "VULMON",
"id": "CVE-2016-3585"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-777"
},
{
"db": "NVD",
"id": "CVE-2016-3585"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in Integrated Lights Out Manager. \nThe vulnerability can be exploited over the \u0027HTTPS\u0027 protocol. The \u0027Emulex\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3585"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91952"
},
{
"db": "VULHUB",
"id": "VHN-92404"
},
{
"db": "VULMON",
"id": "CVE-2016-3585"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3585",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "91952",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003872",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-777",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-92404",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-3585",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92404"
},
{
"db": "VULMON",
"id": "CVE-2016-3585"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91952"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-777"
},
{
"db": "NVD",
"id": "CVE-2016-3585"
}
]
},
"id": "VAR-201607-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92404"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:09:39.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63137"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3585"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-777"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3585"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91952"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3585"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3585"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92404"
},
{
"db": "VULMON",
"id": "CVE-2016-3585"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91952"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-777"
},
{
"db": "NVD",
"id": "CVE-2016-3585"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-92404"
},
{
"db": "VULMON",
"id": "CVE-2016-3585"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91952"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-777"
},
{
"db": "NVD",
"id": "CVE-2016-3585"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-92404"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3585"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91952"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-777"
},
{
"date": "2016-07-21T10:14:24.237000",
"db": "NVD",
"id": "CVE-2016-3585"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-92404"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3585"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91952"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003872"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-777"
},
{
"date": "2017-09-01T01:29:15.740000",
"db": "NVD",
"id": "CVE-2016-3585"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91952"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In Emulex Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003872"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91952"
}
],
"trust": 0.6
}
}
var-201607-0605
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Web' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0605",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-678"
},
{
"db": "NVD",
"id": "CVE-2016-3481"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91977"
}
],
"trust": 0.6
},
"cve": "CVE-2016-3481",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-3481",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-92300",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CVE-2016-3481",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3481",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-3481",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-678",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-92300",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-3481",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92300"
},
{
"db": "VULMON",
"id": "CVE-2016-3481"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-678"
},
{
"db": "NVD",
"id": "CVE-2016-3481"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Web\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3481"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91977"
},
{
"db": "VULHUB",
"id": "VHN-92300"
},
{
"db": "VULMON",
"id": "CVE-2016-3481"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3481",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "91977",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003869",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-678",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-92300",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-3481",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92300"
},
{
"db": "VULMON",
"id": "CVE-2016-3481"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-678"
},
{
"db": "NVD",
"id": "CVE-2016-3481"
}
]
},
"id": "VAR-201607-0605",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92300"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:03:09.197000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63038"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3481"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-678"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3481"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91977"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3481"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3481"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92300"
},
{
"db": "VULMON",
"id": "CVE-2016-3481"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-678"
},
{
"db": "NVD",
"id": "CVE-2016-3481"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-92300"
},
{
"db": "VULMON",
"id": "CVE-2016-3481"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-678"
},
{
"db": "NVD",
"id": "CVE-2016-3481"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-92300"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3481"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91977"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"date": "2016-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-678"
},
{
"date": "2016-07-21T10:12:35.087000",
"db": "NVD",
"id": "CVE-2016-3481"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-92300"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3481"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91977"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003869"
},
{
"date": "2016-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-678"
},
{
"date": "2017-09-01T01:29:10.477000",
"db": "NVD",
"id": "CVE-2016-3481"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91977"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In Web Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003869"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91977"
}
],
"trust": 0.6
}
}
var-201604-0434
Vulnerability from variot
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Apache Struts2 Contains a vulnerability that allows execution of arbitrary code. Note that this vulnerability was used proof-of-concept The code has been released. National Vulnerability Database (NVD) Then CWE-77 It is published as CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) http://cwe.mitre.org/data/definitions/77.htmlA remote attacker could execute arbitrary code on the server where the product is running. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0434",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "2.3.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.4,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.4,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.16.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.11.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.20.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.16.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.20"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.28"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.24"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.16"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.3.16.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "2.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.24.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.12"
},
{
"model": "siebel e-billing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.11.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.1.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.4.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.3.20 from 2.3.28 (struts 2.3.20.3 and struts 2.3.24.3 except for )"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.5.0"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.6.0"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.7.0"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.8.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "2.0.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "2.2.0"
},
{
"model": "siebel",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of siebel apps - e-billing 7.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "oceanstor n8500 v200r001c09spc506",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor onebox v100r003c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.20.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "agile controller-campus v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor v300r003c10spc100",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "18800v3"
},
{
"model": "oceanstor v300r003c10",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "5600"
},
{
"model": "oceanstor v100r001c01",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "9000"
},
{
"model": "oceanstor v300r003c10spc100",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "18500v3"
},
{
"model": "infosphere information governance catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "oceanstor n8500 v200r001c91spc900",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "anyoffice v200r006c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor v300r003c10",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "5300"
},
{
"model": "oceanstor v300r003c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "5300v3"
},
{
"model": "oceanstor onebox v100r005c00",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor v300r003c10",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "5500"
},
{
"model": "siebel apps e-billing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "-7.1"
},
{
"model": "oceanstor v300r003c10",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "5800"
},
{
"model": "oceanstor",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "5800v30"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "agile controller-campus v100r002c00spc107",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.41"
},
{
"model": "logcenter v100r001c20spc102",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor v300r003c10",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "5800v3"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "anyoffice emm v200r006c00spc101",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor v300r001c20",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "5300v3"
},
{
"model": "oceanstor v300r003c10",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "18500v3"
},
{
"model": "oceanstor n8500 v200r001c09",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "infosphere information governance catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"model": "oceanstor v300r005c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "9000"
},
{
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "firehunter6000 v100r001c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "oceanstor n8500 v200r001c91spc205",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "agile controller-campus v100r002c00spc106t",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor n8500 v200r001c91spc902",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "oceanstor v300r003c10",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "6800v3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"model": "oceanstor v300r003c10",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "18800"
},
{
"model": "oceanstor n8500 v200r001c91spc901",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "logcenter v100r001c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.24.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "oceanstor v100r001c30",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "9000"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "oceanstor v300r002c10",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "5300v3"
},
{
"model": "oceanstor n8500 v200r001c91",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "anyoffice v200r005c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor n8500 v200r001c09spc505",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "firehunter6000 v100r001c20spc106t",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "87327"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-585"
},
{
"db": "NVD",
"id": "CVE-2016-3081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:struts",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:micros_retail_xbri_loss_prevention",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:flexcube_private_banking",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:siebel_crm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nike Zheng nike.zheng@dbappsecurity.com.cn",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-585"
}
],
"trust": 0.6
},
"cve": "CVE-2016-3081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-3081",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2016-3081",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3081",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-3081",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-585",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-3081",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3081"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-585"
},
{
"db": "NVD",
"id": "CVE-2016-3081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Apache Struts2 Contains a vulnerability that allows execution of arbitrary code. Note that this vulnerability was used proof-of-concept The code has been released. National Vulnerability Database (NVD) Then CWE-77 It is published as CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) http://cwe.mitre.org/data/definitions/77.htmlA remote attacker could execute arbitrary code on the server where the product is running. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3081"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"db": "BID",
"id": "87327"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "VULMON",
"id": "CVE-2016-3081"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39756",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3081"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3081",
"trust": 2.8
},
{
"db": "BID",
"id": "87327",
"trust": 1.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.9
},
{
"db": "PACKETSTORM",
"id": "136856",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1035665",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "39756",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU91375252",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002326",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-585",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-3081",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3081"
},
{
"db": "BID",
"id": "87327"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-585"
},
{
"db": "NVD",
"id": "CVE-2016-3081"
}
]
},
"id": "VAR-201604-0434",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.592803025
},
"last_update_date": "2024-08-14T12:04:50.744000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "S2-032: Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.",
"trust": 0.8,
"url": "http://struts.apache.org/docs/s2-032.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "October 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
},
{
"title": "Apache Struts 2 Fixes for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61268"
},
{
"title": "Red Hat: CVE-2016-3081",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-3081"
},
{
"title": "Forcepoint Security Advisories: CVE-2016-3081 Apache Struts 2 security vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=11425734a2681a4f1da0e4a7a8f3837d"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "PyEXP",
"trust": 0.1,
"url": "https://github.com/jooeji/PyEXP "
},
{
"title": "S02-32-POC",
"trust": 0.1,
"url": "https://github.com/killerhack/S02-32-POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3081"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"db": "NVD",
"id": "CVE-2016-3081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.9,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.9,
"url": "https://struts.apache.org/docs/s2-032.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/87327"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/39756/"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1035665"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/136856/apache-struts-2.3.28-dynamic-method-invocation-remote-code-execution.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.0,
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec"
},
{
"trust": 1.0,
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3081"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160427-struts.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2016/at160020.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91375252"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3081"
},
{
"trust": 0.8,
"url": "http://seclab.dbappsecurity.com.cn/?p=924"
},
{
"trust": 0.6,
"url": "http/struts_dmi_exec"
},
{
"trust": 0.6,
"url": "http://www.rapid7.com/db/modules/exploit/multi/"
},
{
"trust": 0.6,
"url": "http://www.rapid7.com/db/modules/exploit/linux/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20160427-01-struts2-en"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
}
],
"sources": [
{
"db": "BID",
"id": "87327"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-585"
},
{
"db": "NVD",
"id": "CVE-2016-3081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-3081"
},
{
"db": "BID",
"id": "87327"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-585"
},
{
"db": "NVD",
"id": "CVE-2016-3081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3081"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87327"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"date": "2016-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-585"
},
{
"date": "2016-04-26T14:59:02.207000",
"db": "NVD",
"id": "CVE-2016-3081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3081"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "87327"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002326"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-585"
},
{
"date": "2019-08-12T21:15:13.157000",
"db": "NVD",
"id": "CVE-2016-3081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "87327"
},
{
"db": "BID",
"id": "91787"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts2 Arbitrary code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002326"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87327"
},
{
"db": "BID",
"id": "91787"
}
],
"trust": 0.6
}
}
var-202106-0522
Vulnerability from variot
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. curl Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-36
https://security.gentoo.org/
Severity: High Title: cURL: Multiple vulnerabilities Date: May 26, 2021 Bugs: #779535, #792192 ID: 202105-36
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.77.0 >= 7.77.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.77.0"
References
[ 1 ] CVE-2021-22876 https://nvd.nist.gov/vuln/detail/CVE-2021-22876 [ 2 ] CVE-2021-22890 https://nvd.nist.gov/vuln/detail/CVE-2021-22890 [ 3 ] CVE-2021-22898 https://nvd.nist.gov/vuln/detail/CVE-2021-22898 [ 4 ] CVE-2021-22901 https://nvd.nist.gov/vuln/detail/CVE-2021-22901
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-36
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update Advisory ID: RHSA-2021:2471-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:2471 Issue date: 2021-06-17 CVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22901 CVE-2021-31618 =====================================================================
- Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
-
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
-
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
-
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
-
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
-
curl: Inferior OCSP verification (CVE-2020-8286)
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request
- References:
https://access.redhat.com/security/cve/CVE-2020-8169 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22890 https://access.redhat.com/security/cve/CVE-2021-22901 https://access.redhat.com/security/cve/CVE-2021-31618 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl&downloadType=securityPatches&version=1.1.1g https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe Ki6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol 2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP 3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd kUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx 61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd 3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG 1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ POl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2 iFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z 7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H butyhmDY1nQ= =gsJD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0522",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.25"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.76.1"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.34"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "essbase",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.047"
},
{
"model": "essbase",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.3"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.11.0"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.75.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.1"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "essbase",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "curl",
"scope": "eq",
"trust": 0.8,
"vendor": "haxx",
"version": "7.75.0 to 7.76"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"db": "NVD",
"id": "CVE-2021-22901"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens notified CISA these devices are affected by these known vulnerabilities.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1683"
}
],
"trust": 0.6
},
"cve": "CVE-2021-22901",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22901",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381375",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-22901",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22901",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22901",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22901",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1683",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381375",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-22901",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381375"
},
{
"db": "VULMON",
"id": "CVE-2021-22901"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1683"
},
{
"db": "NVD",
"id": "CVE-2021-22901"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. curl Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202105-36\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: cURL: Multiple vulnerabilities\n Date: May 26, 2021\n Bugs: #779535, #792192\n ID: 202105-36\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.77.0 \u003e= 7.77.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.77.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-22876\n https://nvd.nist.gov/vuln/detail/CVE-2021-22876\n[ 2 ] CVE-2021-22890\n https://nvd.nist.gov/vuln/detail/CVE-2021-22890\n[ 3 ] CVE-2021-22898\n https://nvd.nist.gov/vuln/detail/CVE-2021-22898\n[ 4 ] CVE-2021-22901\n https://nvd.nist.gov/vuln/detail/CVE-2021-22901\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202105-36\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update\nAdvisory ID: RHSA-2021:2471-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2471\nIssue date: 2021-06-17\nCVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 \n CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 \n CVE-2021-22901 CVE-2021-31618 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8169\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22890\nhttps://access.redhat.com/security/cve/CVE-2021-22901\nhttps://access.redhat.com/security/cve/CVE-2021-31618\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl\u0026downloadType=securityPatches\u0026version=1.1.1g\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe\nKi6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol\n2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP\n3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd\nkUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx\n61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd\n3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG\n1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ\nPOl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2\niFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z\n7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H\nbutyhmDY1nQ=\n=gsJD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22901"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-381375"
},
{
"db": "VULMON",
"id": "CVE-2021-22901"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22901",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-732250",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.8
},
{
"db": "HACKERONE",
"id": "1180380",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "163193",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162817",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008168",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-132-13",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060321",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060128",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042295",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062142",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012303",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052719",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072058",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052620",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1816",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2168",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3146",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1683",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163197",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-381375",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22901",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381375"
},
{
"db": "VULMON",
"id": "CVE-2021-22901"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1683"
},
{
"db": "NVD",
"id": "CVE-2021-22901"
}
]
},
"id": "VAR-202106-0522",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381375"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:26:43.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TLS\u00a0session\u00a0caching\u00a0disaster",
"trust": 0.8,
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"title": "HAXX Haxx curl Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=154689"
},
{
"title": "Red Hat: CVE-2021-22901",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-22901"
},
{
"title": "Arch Linux Advisories: [ASA-202106-4] curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-4"
},
{
"title": "Arch Linux Advisories: [ASA-202106-6] libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-6"
},
{
"title": "Arch Linux Advisories: [ASA-202106-5] lib32-curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-5"
},
{
"title": "Arch Linux Advisories: [ASA-202106-7] lib32-libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-7"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22901 log"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "package-vulnerability-scanner",
"trust": 0.1,
"url": "https://github.com/Vault-Boy-Luke/package-vulnerability-scanner "
},
{
"title": "package-vulnerability-scanner",
"trust": 0.1,
"url": "https://github.com/techloz/package-vulnerability-scanner "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22901"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1683"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381375"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"db": "NVD",
"id": "CVE-2021-22901"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"trust": 1.8,
"url": "https://curl.se/docs/cve-2021-22901.html"
},
{
"trust": 1.8,
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"trust": 1.8,
"url": "https://hackerone.com/reports/1180380"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-22901"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052620"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1816"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-use-after-free-via-tls-session-caching-35540"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163193/red-hat-security-advisory-2021-2471-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162817/gentoo-linux-security-advisory-202105-36.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042295"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060128"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-13"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072058"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012303"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2168"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060321"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062142"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052719"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22890"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8169"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-13"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2472"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381375"
},
{
"db": "VULMON",
"id": "CVE-2021-22901"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1683"
},
{
"db": "NVD",
"id": "CVE-2021-22901"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381375"
},
{
"db": "VULMON",
"id": "CVE-2021-22901"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1683"
},
{
"db": "NVD",
"id": "CVE-2021-22901"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-11T00:00:00",
"db": "VULHUB",
"id": "VHN-381375"
},
{
"date": "2021-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22901"
},
{
"date": "2022-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"date": "2021-05-26T17:36:11",
"db": "PACKETSTORM",
"id": "162817"
},
{
"date": "2021-06-17T18:01:23",
"db": "PACKETSTORM",
"id": "163193"
},
{
"date": "2021-06-17T18:09:26",
"db": "PACKETSTORM",
"id": "163197"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1683"
},
{
"date": "2021-06-11T16:15:11.120000",
"db": "NVD",
"id": "CVE-2021-22901"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-381375"
},
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22901"
},
{
"date": "2022-03-07T02:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-008168"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1683"
},
{
"date": "2024-03-27T15:12:59.917000",
"db": "NVD",
"id": "CVE-2021-22901"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1683"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerabilities in the use of freed memory",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008168"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202108-2221
Vulnerability from variot
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes Advisory ID: RHSA-2022:1081-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1081 Issue date: 2022-03-28 CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2021-3200 CVE-2021-3445 CVE-2021-3521 CVE-2021-3580 CVE-2021-3712 CVE-2021-3800 CVE-2021-3999 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23177 CVE-2021-28153 CVE-2021-31566 CVE-2021-33560 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-42574 CVE-2021-43565 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23806 CVE-2022-24407 ==================================================================== 1. Summary:
Gatekeeper Operator v0.2
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Gatekeeper Operator v0.2
Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters.
This advisory contains the container images for Gatekeeper that include security updates, and container upgrades.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Note: Gatekeeper support from the Red Hat support team is limited cases where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.
Security updates:
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:
-
- Upgrade gatekeeper operator:
The gatekeeper operator that is installed by the gatekeeper operator policy
has
installPlanApprovalset toAutomatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting forinstallPlanApprovaltomanual, then you must view each cluster to manually approve the upgrade to the operator.
- Upgrade gatekeeper operator:
The gatekeeper operator that is installed by the gatekeeper operator policy
has
-
- Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'.
Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.
- Bugs fixed (https://bugzilla.redhat.com/):
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
- References:
https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate https://open-policy-agent.github.io/gatekeeper/website/docs/howto/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43 9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG k7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D mrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07 +jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr Ko/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx ceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q LimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej mcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH vsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK lYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb 1PnhEG7/jO4=XPu4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5021-1 July 22, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925)
Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14
In general, a standard system update will make all the necessary changes. Summary:
An update is now available for OpenShift Logging 5.3. Description:
Openshift Logging Security and Bug Fix Release (5.3.1)
Security Fix(es):
-
log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
-
netty: Request smuggling via content-length header (CVE-2021-21409)
-
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
-
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1]
- Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
- Solution:
OSP 16.2.z Release - OSP Director Operator Containers
- Bugs fixed (https://bugzilla.redhat.com/):
2025995 - Rebase tech preview on latest upstream v1.2.x branch 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2036784 - osp controller (fencing enabled) in downed state after system manual crash test
Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security updates:
-
object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
Related bugs:
-
RHACM 2.2.11 images (Bugzilla #2029508)
-
ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla
2030859)
- Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index
For details on how to apply this update, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
- Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
- Bugs fixed (https://bugzilla.redhat.com/):
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-2235 - Release RHOSDT 2.1
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.3.1"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.4"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.1.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.26"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.5"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.35"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.78.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.7"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165758"
}
],
"trust": 0.9
},
"cve": "CVE-2021-22925",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22925",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-381399",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22925",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22925",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-381399",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes\nAdvisory ID: RHSA-2022:1081-01\nProduct: Red Hat ACM\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1081\nIssue date: 2022-03-28\nCVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751\n CVE-2019-17594 CVE-2019-17595 CVE-2019-18218\n CVE-2019-19603 CVE-2019-20838 CVE-2020-12762\n CVE-2020-13435 CVE-2020-14155 CVE-2020-16135\n CVE-2020-24370 CVE-2021-3200 CVE-2021-3445\n CVE-2021-3521 CVE-2021-3580 CVE-2021-3712\n CVE-2021-3800 CVE-2021-3999 CVE-2021-20231\n CVE-2021-20232 CVE-2021-22876 CVE-2021-22898\n CVE-2021-22925 CVE-2021-23177 CVE-2021-28153\n CVE-2021-31566 CVE-2021-33560 CVE-2021-36084\n CVE-2021-36085 CVE-2021-36086 CVE-2021-36087\n CVE-2021-42574 CVE-2021-43565 CVE-2022-23218\n CVE-2022-23219 CVE-2022-23308 CVE-2022-23806\n CVE-2022-24407\n====================================================================\n1. Summary:\n\nGatekeeper Operator v0.2\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include\nsecurity updates, and container upgrades. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\nNote: Gatekeeper support from the Red Hat support team is limited cases\nwhere it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n- - Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n- - Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. \n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/\nfor additional information. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3712\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-42574\nhttps://access.redhat.com/security/cve/CVE-2021-43565\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43\n9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG\nk7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D\nmrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07\n+jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr\nKo/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx\nceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q\nLimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej\nmcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH\nvsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK\nlYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb\n1PnhEG7/jO4=XPu4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5021-1\nJuly 22, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen and Tomas Hoger discovered that curl incorrectly handled\nTELNET connections when the -t option was used on the command line. \nUninitialized data possibly containing sensitive information could be sent\nto the remote server, contrary to expectations. (CVE-2021-22898,\nCVE-2021-22925)\n\nHarry Sintonen discovered that curl incorrectly reused connections in the\nconnection pool. This could result in curl reusing the wrong connections. \n(CVE-2021-22924)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n curl 7.74.0-1ubuntu2.1\n libcurl3-gnutls 7.74.0-1ubuntu2.1\n libcurl3-nss 7.74.0-1ubuntu2.1\n libcurl4 7.74.0-1ubuntu2.1\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.6\n libcurl3-gnutls 7.68.0-1ubuntu2.6\n libcurl3-nss 7.68.0-1ubuntu2.6\n libcurl4 7.68.0-1ubuntu2.6\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.14\n libcurl3-gnutls 7.58.0-2ubuntu3.14\n libcurl3-nss 7.58.0-2ubuntu3.14\n libcurl4 7.58.0-2ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes. Summary:\n\nAn update is now available for OpenShift Logging 5.3. Description:\n\nOpenshift Logging Security and Bug Fix Release (5.3.1)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\nLOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard\nLOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1]\n\n6. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. Solution:\n\nOSP 16.2.z Release - OSP Director Operator Containers\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2025995 - Rebase tech preview on latest upstream v1.2.x branch\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2036784 - osp controller (fencing enabled) in downed state after system manual crash test\n\n5. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity updates:\n\n* object-path: Type confusion vulnerability can lead to a bypass of\nCVE-2020-15256 (CVE-2021-23434)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nRelated bugs: \n\n* RHACM 2.2.11 images (Bugzilla #2029508)\n\n* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla\n#2030859)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant instructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256\n2029508 - RHACM 2.2.11 images\n2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-2235 - Release RHOSDT 2.1\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22925"
},
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165758"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22925",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.1
},
{
"db": "HACKERONE",
"id": "1223882",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "166051",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166308",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166489",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165758",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166309",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165096",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165862",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165099",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164886",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165129",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381399",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166789",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165758"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"id": "VAR-202108-2221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
}
],
"trust": 0.7003805
},
"last_update_date": "2024-09-19T20:35:22.021000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212804"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212805"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/sep/39"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/sep/40"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.1,
"url": "https://hackerone.com/reports/1223882"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.9,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3984"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3872"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3426"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4019"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-40346"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39241"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1081"
},
{
"trust": 0.1,
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
},
{
"trust": 0.1,
"url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
},
{
"trust": 0.1,
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5021-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24504"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36158"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20284"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26140"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3487"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0129"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23133"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36312"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24588"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29660"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3600"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26147"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31829"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5129"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22817"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1396"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/distr_tracing/distr_tracing_install/distr-tracing-updating.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/distr_tracing/distributed-tracing-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0318"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165758"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165758"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-381399"
},
{
"date": "2022-03-28T15:52:16",
"db": "PACKETSTORM",
"id": "166489"
},
{
"date": "2021-07-22T23:15:11",
"db": "PACKETSTORM",
"id": "163637"
},
{
"date": "2021-12-15T15:27:05",
"db": "PACKETSTORM",
"id": "165296"
},
{
"date": "2021-12-15T15:22:36",
"db": "PACKETSTORM",
"id": "165288"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2022-03-15T15:41:45",
"db": "PACKETSTORM",
"id": "166308"
},
{
"date": "2022-04-20T15:12:33",
"db": "PACKETSTORM",
"id": "166789"
},
{
"date": "2022-03-15T15:44:21",
"db": "PACKETSTORM",
"id": "166309"
},
{
"date": "2022-02-18T16:37:39",
"db": "PACKETSTORM",
"id": "166051"
},
{
"date": "2022-01-28T14:33:13",
"db": "PACKETSTORM",
"id": "165758"
},
{
"date": "2021-08-05T21:15:11.467000",
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-381399"
},
{
"date": "2024-03-27T15:11:42.063000",
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "163637"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2022-1081-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "166489"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165288"
}
],
"trust": 0.2
}
}
var-201905-0095
Vulnerability from variot
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. curl/libcURL is prone a heap-based buffer-overflow vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. libcurl versions 7.19.4 through 7.64.1 are vulnerable. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-29
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 15, 2020 Bugs: #686050, #694020 ID: 202003-29
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.66.0 >= 7.66.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.66.0"
References
[ 1 ] CVE-2019-5435 https://nvd.nist.gov/vuln/detail/CVE-2019-5435 [ 2 ] CVE-2019-5436 https://nvd.nist.gov/vuln/detail/CVE-2019-5436 [ 3 ] CVE-2019-5481 https://nvd.nist.gov/vuln/detail/CVE-2019-5481 [ 4 ] CVE-2019-5482 https://nvd.nist.gov/vuln/detail/CVE-2019-5482
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-29
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3993-1 May 22, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in curl. This issue only affected Ubuntu 19.04. (CVE-2019-5435)
It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. (CVE-2019-5436)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: curl 7.64.0-2ubuntu1.1 libcurl3-gnutls 7.64.0-2ubuntu1.1 libcurl3-nss 7.64.0-2ubuntu1.1 libcurl4 7.64.0-2ubuntu1.1
Ubuntu 18.10: curl 7.61.0-1ubuntu2.4 libcurl3-gnutls 7.61.0-1ubuntu2.4 libcurl3-nss 7.61.0-1ubuntu2.4 libcurl4 7.61.0-1ubuntu2.4
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.7 libcurl3-gnutls 7.58.0-2ubuntu3.7 libcurl3-nss 7.58.0-2ubuntu3.7 libcurl4 7.58.0-2ubuntu3.7
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.13 libcurl3 7.47.0-1ubuntu2.13 libcurl3-gnutls 7.47.0-1ubuntu2.13 libcurl3-nss 7.47.0-1ubuntu2.13
In general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64
- This only affects the oldstable distribution (stretch).
CVE-2019-5481
Thomas Vegas discovered a double-free in the FTP-KRB code, triggered
by a malicious server sending a very large data block.
For the oldstable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u10.
For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u1.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi RyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5 eQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU aP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU G86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F tR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7 KLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e qVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH ZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj KbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW G9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30 KqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b -----END PGP SIGNATURE----- .
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing
-
8) - aarch64, ppc64le, s390x, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: curl security and bug fix update Advisory ID: RHSA-2020:1020-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1020 Issue date: 2020-03-31 CVE Names: CVE-2019-5436 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function 1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice 1769307 - curl fails while attempting to POST a char device
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
ppc64: curl-7.29.0-57.el7.ppc64.rpm curl-debuginfo-7.29.0-57.el7.ppc.rpm curl-debuginfo-7.29.0-57.el7.ppc64.rpm libcurl-7.29.0-57.el7.ppc.rpm libcurl-7.29.0-57.el7.ppc64.rpm libcurl-devel-7.29.0-57.el7.ppc.rpm libcurl-devel-7.29.0-57.el7.ppc64.rpm
ppc64le: curl-7.29.0-57.el7.ppc64le.rpm curl-debuginfo-7.29.0-57.el7.ppc64le.rpm libcurl-7.29.0-57.el7.ppc64le.rpm libcurl-devel-7.29.0-57.el7.ppc64le.rpm
s390x: curl-7.29.0-57.el7.s390x.rpm curl-debuginfo-7.29.0-57.el7.s390.rpm curl-debuginfo-7.29.0-57.el7.s390x.rpm libcurl-7.29.0-57.el7.s390.rpm libcurl-7.29.0-57.el7.s390x.rpm libcurl-devel-7.29.0-57.el7.s390.rpm libcurl-devel-7.29.0-57.el7.s390x.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-5436 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z qwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr u+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP MvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q 9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r JcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+ hJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T N0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc bgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/ cBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7 0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ M95S58Xnb8U= =UHVC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
Additional Changes:
This update also fixes several bugs and adds various enhancements.
This advisory contains the following OpenShift Virtualization 2.4.0 images:
RHEL-7-CNV-2.4
kubevirt-ssp-operator-container-v2.4.0-71
RHEL-8-CNV-2.4
virt-cdi-controller-container-v2.4.0-29 virt-cdi-uploadproxy-container-v2.4.0-29 hostpath-provisioner-container-v2.4.0-25 virt-cdi-operator-container-v2.4.0-29 kubevirt-metrics-collector-container-v2.4.0-18 cnv-containernetworking-plugins-container-v2.4.0-36 kubevirt-kvm-info-nfd-plugin-container-v2.4.0-18 hostpath-provisioner-operator-container-v2.4.0-31 virt-cdi-uploadserver-container-v2.4.0-29 virt-cdi-apiserver-container-v2.4.0-29 virt-controller-container-v2.4.0-58 virt-cdi-cloner-container-v2.4.0-29 kubevirt-template-validator-container-v2.4.0-21 vm-import-operator-container-v2.4.0-21 kubernetes-nmstate-handler-container-v2.4.0-37 node-maintenance-operator-container-v2.4.0-27 virt-operator-container-v2.4.0-58 kubevirt-v2v-conversion-container-v2.4.0-23 cnv-must-gather-container-v2.4.0-73 virtio-win-container-v2.4.0-15 kubevirt-cpu-node-labeller-container-v2.4.0-19 ovs-cni-plugin-container-v2.4.0-37 kubevirt-vmware-container-v2.4.0-21 hyperconverged-cluster-operator-container-v2.4.0-70 virt-handler-container-v2.4.0-58 virt-cdi-importer-container-v2.4.0-29 virt-launcher-container-v2.4.0-58 kubevirt-cpu-model-nfd-plugin-container-v2.4.0-17 virt-api-container-v2.4.0-58 ovs-cni-marker-container-v2.4.0-38 kubemacpool-container-v2.4.0-39 cluster-network-addons-operator-container-v2.4.0-38 bridge-marker-container-v2.4.0-39 vm-import-controller-container-v2.4.0-21 hco-bundle-registry-container-v2.3.0-497
- Bugs fixed (https://bugzilla.redhat.com/):
1684772 - virt-launcher images do not have the edk2-ovmf package installed 1716329 - missing Status, Version and Label for a number of CNV components, and Status term inconsistency 1724978 - [RFE][v2v] Improve the way we display progress percent in UI 1725672 - CDI: getting error with "unknown reason" when trying to create UploadTokenRequest for a none existing pvc 1727117 - [RFE] Reduce installed libvirt components 1780473 - Delete VM is hanging if the corresponding template does not exist anymore 1787213 - KubeMacpool may not work from time to time since it is skipped when we face certificate issue. 1789564 - Failed to allocate a SRIOV VF to VMI 1795889 - internal IP shown on VMI spec instead of public one on VMI with guest-agent 1796342 - VM Failing to start since hard disk not ready 1802554 - [SSP] cpu-feature-lahf_lm and Conroe are enabled on one worker (test issue) 1805044 - No mem/filesystem/Network Utilization in VM overview 1806288 - [CDI] fails to import images that comes from url that reject HEAD requests 1806436 - [SSP] Windows common templates - Windows10 should be removed from windows-server templates, windows-server should not have desktop version 1811111 - All the VM templates are visible in the developer catalog but not really/easily instantiable 1811417 - Failed to install cnv-2.4 on top of ocp 4.4 (hco operator in crashLoopBackOff state) 1816518 - [SSP] Common templates - template name under objects -> metadata -> labels should be identical to the template actual name 1817080 - node maintenance CRD is marked with NonStructuralSchema condition 1819252 - kubevirt-ssp-operator cannot create ServiceMonitor object 1820651 - CDI import fails using block volume (available size -1) 1821209 - Debug log message looks unprofessional 1822079 - nmstate-handler fails to start and keeps restarting 1822315 - status.desiredState: doesn't pick the correct value and is null 1823342 - Invalid qcow2 image causes HTTP range error and difficult to read stack trace 1823699 - [CNV-2.4] Failing to deploy NetworkAddons 1823701 - [CNV-2.4] when a single component is failing, HCO can continue reporting outdated negative conditions also on other components 1825801 - [CNV-2.4] Failing to deploy due issues in CRD of cluster network operator 1826044 - [CNV-2.4] Failing to deploy due issues in CRD of cluster host-path-provisioner operator 1827257 - VMs' connectivity is available even the two VMs are in different vlan 1828401 - misconfigured prow job e2e-aws-4.5-cnv resulting in step e2e-aws failed: step needs a lease but no lease client provided 1829376 - VMs with blank block volumes fail to spin up 1830780 - virt-v2v-wrapper - 0% VM migration progress in UI 1831536 - kubevirt-{handler,apiserver,controller} service accounts added to the privileged SCC 1832179 - [virt] VM with runStrategy attribute (instead of 'running' attribute) does not have 'RUNNING' state in cli 1832283 - [SSP operator] Common templates and template_validator are missing after clean installation 1832291 - SSP installation is successful even with some components missing 1832769 - [kubevirt version] is not reported correctly 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1833376 - Hardcoded VMware-vix-disklib version 6 - import fail with version 7 1833786 - kubevirt hyperconverged-cluster-operator deploy_marketplace.sh fails in disconnected cluster 1834253 - VMs are stuck in Starting state 1835242 - Can't query SSP CRs after upgrade from 2.3 to 2.4 1835426 - [RFE] Provide a clear error message when VM and VMI name does not match 1836792 - [CNV deployment] kubevirt components are missing 1837182 - VMI virt-launcher reaches Error state after running for 10-24 hours 1837670 - Specifying "Ubuntu 18.04 LTS" force the Conroe CPU model 1838066 - [CNV deployment] kubevirt failing to create cpu-plugin-configmap obsoleteCPUs 1838424 - [Installation] CNV 2.4.0 virt-handler and kubevirt-node-labeller pods are not showing up 1839982 - [CNV][DOC] Lack of explanation for StorageClass default accessMode in openshift-cnv kubevirt-storage-class-defaults 1840047 - [CNV-2.4] virt-handler failing on /usr/bin/container-disk: no such file or directory 1840220 - [CNV-2.4] node-maintenance-operator failing to create deployment - invalid format of manifest 1840652 - Upgrade indication is missing 1841065 - [v2v] RHV to CNV: VM import fail on network mapping validation 1841325 - [CNV][V2V] VM migration fails if VMWare host isn't under Cluster but directly under Datacenter 1841505 - [CNV-2.4] virt-template-validator container fails to start 1842869 - vmi cannot be scheduled, because node labeller doesn't report correct labels 1842958 - [SSP] Fail to create Windows VMs from templates - windows-cd-bus validation added but cdrom is missing from the template 1843219 - node-labeller SCC is privileged, which appears too relaxed 1843456 - virt-launcher goes from running to error state due to panic: timed out waiting for domain to be defined 1843467 - [CNV network KMP] kubemacpool causes worker node to be Ready,SchedulingDisabled 1843519 - HCO CR is not listed when running "kubectl get all" from command line 1843948 - [Network operator] Upgrade from 2.3 to 2.4 - Network operator fails to upgrade ovs-cni pods, upgrade is not completed 1844057 - [CNV-2.4] cluster-network-addons-operator failing to start 1844105 - [SSP operator] Upgrade from 2.3.0 to 2.4.0- SSP operator fails to upgrade node labeller and template validator 1844907 - kubemacpool deployment status errors regarding replicas 1845060 - Node-labeller is in pending state when node doesn't have kvm device 1845061 - Version displayed in Container Native Virtualization OperatorHub side panel 1845477 - [SSP] Template validator fails to "Extract the CA bundle"; template validator is not called when a VM is created 1845557 - [CNV-2.4] template validator webhook fails with certification issues 1845604 - [v2v] RHV to CNV VM import: Prevent a second vm-import from starting. 1845899 - [CNV-2.5] cluster-network-addons-operator failing to start 1845901 - Filesystem corruption related to smart clone 1847070 - vmi cannot be scheduled , qemu-kvm core dump 1847594 - pods in openshift-cnv namespace no longer have openshift.io/scc under metadata.annotations 1848004 - [CNV-2.5] Deployment fails on NetworkAddonsConfigNotAvailable 1848007 - [CNV-2.4] Deployment fails on NetworkAddonsConfigNotAvailable 1848951 - CVE-2020-14316 kubevirt: VMIs can be used to access host files 1849527 - [v2v] [api] VM import RHV to CNV importer should stop send requests to RHV if they are rejected because of wrong user/pass 1849915 - [v2v] VM import RHV to CNV: The timezone data is not available in the vm-import-controller image. 1850425 - [v2v][VM import RHV to CNV] Add validation for network target type in network mapping 1850467 - [v2v] [api] VM import RHV to CNV invalid target network type should not crash the controller 1850482 - [v2v][VM import from RHV to CNV] 2 nics are mapped to a new network though second was mapped to pod. 1850937 - kubemacpool fails in a specific order of components startup 1851856 - Deployment not progressing due to PriorityClass missing 1851886 - [CNV][V2V] VMWare pod is failing when running wizard to migrate from RHV 1852446 - [v2v][RHV to CNV VM import] Windows10 VM import fail on: timezone is not UTC-compatible 1853028 - CNV must-gather failure on CNV-QE BM-RHCOS environment 1853133 - [CNV-2.4] Deployment fails on KubeVirtMetricsAggregationNotAvailable 1853373 - virtctl image-upload fails to upload an image if the dv name includes a "." 1854419 - [Re-brand] Align CSV 1854744 - To stabilize some tests I need to backport PRs which change production code 1855256 - [v2v][RHV to CNV VM import] Empty directories created for vm-import-operator/controller logs in cnv-must-gather 1856438 - [CNAO] Upgrade is not completed (wrong operatorVersion), CR is not updated. 1856447 - CNV upgrade - HCO fails to identify wrong observedVersion in CR, HCO is reported as READY 1856979 - Domain notify errors break VMI migrations and graceful shutdown
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.4"
},
{
"model": "traffix signaling delivery controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "5.1.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.28"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.17"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oss support tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "traffix signaling delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "5.0.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.27"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "libcurl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.64.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "19.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux esm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux esm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "8"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.34"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.33"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.32"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.31"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.30"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.25"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.23"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.22"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.20"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.35.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.29.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.28.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.28.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.27.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.26.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.24.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.23.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.7"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.20.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.7"
},
{
"model": "libcurl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.65"
}
],
"sources": [
{
"db": "BID",
"id": "108435"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu,Debian,Red Hat,Slackware Security Team,l00p3r.,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5436",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5436",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-156871",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5436",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5436",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-933",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-156871",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5436",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. curl/libcURL is prone a heap-based buffer-overflow vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nlibcurl versions 7.19.4 through 7.64.1 are vulnerable. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: March 15, 2020\n Bugs: #686050, #694020\n ID: 202003-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\nmay lead to arbitrary code execution. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.66.0 \u003e= 7.66.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.66.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-5435\n https://nvd.nist.gov/vuln/detail/CVE-2019-5435\n[ 2 ] CVE-2019-5436\n https://nvd.nist.gov/vuln/detail/CVE-2019-5436\n[ 3 ] CVE-2019-5481\n https://nvd.nist.gov/vuln/detail/CVE-2019-5481\n[ 4 ] CVE-2019-5482\n https://nvd.nist.gov/vuln/detail/CVE-2019-5482\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-29\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3993-1\nMay 22, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. This issue only affected Ubuntu 19.04. (CVE-2019-5435)\n\nIt was discovered that curl incorrectly handled memory when receiving data\nfrom a TFTP server. (CVE-2019-5436)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n curl 7.64.0-2ubuntu1.1\n libcurl3-gnutls 7.64.0-2ubuntu1.1\n libcurl3-nss 7.64.0-2ubuntu1.1\n libcurl4 7.64.0-2ubuntu1.1\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.4\n libcurl3-gnutls 7.61.0-1ubuntu2.4\n libcurl3-nss 7.61.0-1ubuntu2.4\n libcurl4 7.61.0-1ubuntu2.4\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.7\n libcurl3-gnutls 7.58.0-2ubuntu3.7\n libcurl3-nss 7.58.0-2ubuntu3.7\n libcurl4 7.58.0-2ubuntu3.7\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.13\n libcurl3 7.47.0-1ubuntu2.13\n libcurl3-gnutls 7.47.0-1ubuntu2.13\n libcurl3-nss 7.47.0-1ubuntu2.13\n\nIn general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. This only affects\n the oldstable distribution (stretch). \n\nCVE-2019-5481\n\n Thomas Vegas discovered a double-free in the FTP-KRB code, triggered\n by a malicious server sending a very large data block. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u10. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u1. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi\nRyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5\neQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU\naP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU\nG86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F\ntR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7\nKLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e\nqVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH\nZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj\nKbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW\nG9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30\nKqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b\n-----END PGP SIGNATURE-----\n. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: curl security and bug fix update\nAdvisory ID: RHSA-2020:1020-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1020\nIssue date: 2020-03-31\nCVE Names: CVE-2019-5436 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function\n(CVE-2019-5436)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function\n1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice\n1769307 - curl fails while attempting to POST a char device\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nppc64:\ncurl-7.29.0-57.el7.ppc64.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc64.rpm\nlibcurl-7.29.0-57.el7.ppc.rpm\nlibcurl-7.29.0-57.el7.ppc64.rpm\nlibcurl-devel-7.29.0-57.el7.ppc.rpm\nlibcurl-devel-7.29.0-57.el7.ppc64.rpm\n\nppc64le:\ncurl-7.29.0-57.el7.ppc64le.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc64le.rpm\nlibcurl-7.29.0-57.el7.ppc64le.rpm\nlibcurl-devel-7.29.0-57.el7.ppc64le.rpm\n\ns390x:\ncurl-7.29.0-57.el7.s390x.rpm\ncurl-debuginfo-7.29.0-57.el7.s390.rpm\ncurl-debuginfo-7.29.0-57.el7.s390x.rpm\nlibcurl-7.29.0-57.el7.s390.rpm\nlibcurl-7.29.0-57.el7.s390x.rpm\nlibcurl-devel-7.29.0-57.el7.s390.rpm\nlibcurl-devel-7.29.0-57.el7.s390x.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5436\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z\nqwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr\nu+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP\nMvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q\n9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r\nJcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+\nhJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T\nN0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc\nbgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/\ncBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7\n0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ\nM95S58Xnb8U=\n=UHVC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. \n\nThis advisory contains the following OpenShift Virtualization 2.4.0 images:\n\nRHEL-7-CNV-2.4\n==============\nkubevirt-ssp-operator-container-v2.4.0-71\n\nRHEL-8-CNV-2.4\n==============\nvirt-cdi-controller-container-v2.4.0-29\nvirt-cdi-uploadproxy-container-v2.4.0-29\nhostpath-provisioner-container-v2.4.0-25\nvirt-cdi-operator-container-v2.4.0-29\nkubevirt-metrics-collector-container-v2.4.0-18\ncnv-containernetworking-plugins-container-v2.4.0-36\nkubevirt-kvm-info-nfd-plugin-container-v2.4.0-18\nhostpath-provisioner-operator-container-v2.4.0-31\nvirt-cdi-uploadserver-container-v2.4.0-29\nvirt-cdi-apiserver-container-v2.4.0-29\nvirt-controller-container-v2.4.0-58\nvirt-cdi-cloner-container-v2.4.0-29\nkubevirt-template-validator-container-v2.4.0-21\nvm-import-operator-container-v2.4.0-21\nkubernetes-nmstate-handler-container-v2.4.0-37\nnode-maintenance-operator-container-v2.4.0-27\nvirt-operator-container-v2.4.0-58\nkubevirt-v2v-conversion-container-v2.4.0-23\ncnv-must-gather-container-v2.4.0-73\nvirtio-win-container-v2.4.0-15\nkubevirt-cpu-node-labeller-container-v2.4.0-19\novs-cni-plugin-container-v2.4.0-37\nkubevirt-vmware-container-v2.4.0-21\nhyperconverged-cluster-operator-container-v2.4.0-70\nvirt-handler-container-v2.4.0-58\nvirt-cdi-importer-container-v2.4.0-29\nvirt-launcher-container-v2.4.0-58\nkubevirt-cpu-model-nfd-plugin-container-v2.4.0-17\nvirt-api-container-v2.4.0-58\novs-cni-marker-container-v2.4.0-38\nkubemacpool-container-v2.4.0-39\ncluster-network-addons-operator-container-v2.4.0-38\nbridge-marker-container-v2.4.0-39\nvm-import-controller-container-v2.4.0-21\nhco-bundle-registry-container-v2.3.0-497\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1684772 - virt-launcher images do not have the edk2-ovmf package installed\n1716329 - missing Status, Version and Label for a number of CNV components, and Status term inconsistency\n1724978 - [RFE][v2v] Improve the way we display progress percent in UI\n1725672 - CDI: getting error with \"unknown reason\" when trying to create UploadTokenRequest for a none existing pvc\n1727117 - [RFE] Reduce installed libvirt components\n1780473 - Delete VM is hanging if the corresponding template does not exist anymore\n1787213 - KubeMacpool may not work from time to time since it is skipped when we face certificate issue. \n1789564 - Failed to allocate a SRIOV VF to VMI\n1795889 - internal IP shown on VMI spec instead of public one on VMI with guest-agent\n1796342 - VM Failing to start since hard disk not ready\n1802554 - [SSP] cpu-feature-lahf_lm and Conroe are enabled on one worker (test issue)\n1805044 - No mem/filesystem/Network Utilization in VM overview\n1806288 - [CDI] fails to import images that comes from url that reject HEAD requests\n1806436 - [SSP] Windows common templates - Windows10 should be removed from windows-server* templates, windows-server* should not have desktop version\n1811111 - All the VM templates are visible in the developer catalog but not really/easily instantiable\n1811417 - Failed to install cnv-2.4 on top of ocp 4.4 (hco operator in crashLoopBackOff state)\n1816518 - [SSP] Common templates - template name under objects -\u003e metadata -\u003e labels should be identical to the template actual name\n1817080 - node maintenance CRD is marked with NonStructuralSchema condition\n1819252 - kubevirt-ssp-operator cannot create ServiceMonitor object\n1820651 - CDI import fails using block volume (available size -1)\n1821209 - Debug log message looks unprofessional\n1822079 - nmstate-handler fails to start and keeps restarting\n1822315 - status.desiredState: doesn\u0027t pick the correct value and is null\n1823342 - Invalid qcow2 image causes HTTP range error and difficult to read stack trace\n1823699 - [CNV-2.4] Failing to deploy NetworkAddons\n1823701 - [CNV-2.4] when a single component is failing, HCO can continue reporting outdated negative conditions also on other components\n1825801 - [CNV-2.4] Failing to deploy due issues in CRD of cluster network operator\n1826044 - [CNV-2.4] Failing to deploy due issues in CRD of cluster host-path-provisioner operator\n1827257 - VMs\u0027 connectivity is available even the two VMs are in different vlan\n1828401 - misconfigured prow job e2e-aws-4.5-cnv resulting in step e2e-aws failed: step needs a lease but no lease client provided\n1829376 - VMs with blank block volumes fail to spin up\n1830780 - virt-v2v-wrapper - 0% VM migration progress in UI\n1831536 - kubevirt-{handler,apiserver,controller} service accounts added to the privileged SCC\n1832179 - [virt] VM with runStrategy attribute (instead of \u0027running\u0027 attribute) does not have \u0027RUNNING\u0027 state in cli\n1832283 - [SSP operator] Common templates and template_validator are missing after clean installation\n1832291 - SSP installation is successful even with some components missing\n1832769 - [kubevirt version] is not reported correctly\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1833376 - Hardcoded VMware-vix-disklib version 6 - import fail with version 7\n1833786 - kubevirt hyperconverged-cluster-operator deploy_marketplace.sh fails in disconnected cluster\n1834253 - VMs are stuck in Starting state\n1835242 - Can\u0027t query SSP CRs after upgrade from 2.3 to 2.4\n1835426 - [RFE] Provide a clear error message when VM and VMI name does not match\n1836792 - [CNV deployment] kubevirt components are missing\n1837182 - VMI virt-launcher reaches Error state after running for 10-24 hours\n1837670 - Specifying \"Ubuntu 18.04 LTS\" force the Conroe CPU model\n1838066 - [CNV deployment] kubevirt failing to create cpu-plugin-configmap obsoleteCPUs\n1838424 - [Installation] CNV 2.4.0 virt-handler and kubevirt-node-labeller pods are not showing up\n1839982 - [CNV][DOC] Lack of explanation for StorageClass default accessMode in openshift-cnv kubevirt-storage-class-defaults\n1840047 - [CNV-2.4] virt-handler failing on /usr/bin/container-disk: no such file or directory\n1840220 - [CNV-2.4] node-maintenance-operator failing to create deployment - invalid format of manifest\n1840652 - Upgrade indication is missing\n1841065 - [v2v] RHV to CNV: VM import fail on network mapping validation\n1841325 - [CNV][V2V] VM migration fails if VMWare host isn\u0027t under Cluster but directly under Datacenter\n1841505 - [CNV-2.4] virt-template-validator container fails to start\n1842869 - vmi cannot be scheduled, because node labeller doesn\u0027t report correct labels\n1842958 - [SSP] Fail to create Windows VMs from templates - windows-cd-bus validation added but cdrom is missing from the template\n1843219 - node-labeller SCC is privileged, which appears too relaxed\n1843456 - virt-launcher goes from running to error state due to panic: timed out waiting for domain to be defined\n1843467 - [CNV network KMP] kubemacpool causes worker node to be Ready,SchedulingDisabled\n1843519 - HCO CR is not listed when running \"kubectl get all\" from command line\n1843948 - [Network operator] Upgrade from 2.3 to 2.4 - Network operator fails to upgrade ovs-cni pods, upgrade is not completed\n1844057 - [CNV-2.4] cluster-network-addons-operator failing to start\n1844105 - [SSP operator] Upgrade from 2.3.0 to 2.4.0- SSP operator fails to upgrade node labeller and template validator\n1844907 - kubemacpool deployment status errors regarding replicas\n1845060 - Node-labeller is in pending state when node doesn\u0027t have kvm device\n1845061 - Version displayed in Container Native Virtualization OperatorHub side panel\n1845477 - [SSP] Template validator fails to \"Extract the CA bundle\"; template validator is not called when a VM is created\n1845557 - [CNV-2.4] template validator webhook fails with certification issues\n1845604 - [v2v] RHV to CNV VM import: Prevent a second vm-import from starting. \n1845899 - [CNV-2.5] cluster-network-addons-operator failing to start\n1845901 - Filesystem corruption related to smart clone\n1847070 - vmi cannot be scheduled , qemu-kvm core dump\n1847594 - pods in openshift-cnv namespace no longer have openshift.io/scc under metadata.annotations\n1848004 - [CNV-2.5] Deployment fails on NetworkAddonsConfigNotAvailable\n1848007 - [CNV-2.4] Deployment fails on NetworkAddonsConfigNotAvailable\n1848951 - CVE-2020-14316 kubevirt: VMIs can be used to access host files\n1849527 - [v2v] [api] VM import RHV to CNV importer should stop send requests to RHV if they are rejected because of wrong user/pass\n1849915 - [v2v] VM import RHV to CNV: The timezone data is not available in the vm-import-controller image. \n1850425 - [v2v][VM import RHV to CNV] Add validation for network target type in network mapping\n1850467 - [v2v] [api] VM import RHV to CNV invalid target network type should not crash the controller\n1850482 - [v2v][VM import from RHV to CNV] 2 nics are mapped to a new network though second was mapped to pod. \n1850937 - kubemacpool fails in a specific order of components startup\n1851856 - Deployment not progressing due to PriorityClass missing\n1851886 - [CNV][V2V] VMWare pod is failing when running wizard to migrate from RHV\n1852446 - [v2v][RHV to CNV VM import] Windows10 VM import fail on: timezone is not UTC-compatible\n1853028 - CNV must-gather failure on CNV-QE BM-RHCOS environment\n1853133 - [CNV-2.4] Deployment fails on KubeVirtMetricsAggregationNotAvailable\n1853373 - virtctl image-upload fails to upload an image if the dv name includes a \".\"\n1854419 - [Re-brand] Align CSV\n1854744 - To stabilize some tests I need to backport PRs which change production code\n1855256 - [v2v][RHV to CNV VM import] Empty directories created for vm-import-operator/controller logs in cnv-must-gather\n1856438 - [CNAO] Upgrade is not completed (wrong operatorVersion), CR is not updated. \n1856447 - CNV upgrade - HCO fails to identify wrong observedVersion in CR, HCO is reported as READY\n1856979 - Domain notify errors break VMI migrations and graceful shutdown\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5436"
},
{
"db": "BID",
"id": "108435"
},
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "PACKETSTORM",
"id": "153010"
},
{
"db": "PACKETSTORM",
"id": "156753"
},
{
"db": "PACKETSTORM",
"id": "153003"
},
{
"db": "PACKETSTORM",
"id": "158035"
},
{
"db": "PACKETSTORM",
"id": "156523"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "157425"
},
{
"db": "PACKETSTORM",
"id": "156986"
},
{
"db": "PACKETSTORM",
"id": "158637"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5436",
"trust": 3.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/09/11/6",
"trust": 1.8
},
{
"db": "BID",
"id": "108435",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "158035",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157425",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156523",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156753",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "153003",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1874",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2033",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0651",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1494",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1177",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4380",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4780",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2593",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "153051",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156986",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153010",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-156871",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-5436",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158637",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "BID",
"id": "108435"
},
{
"db": "PACKETSTORM",
"id": "153010"
},
{
"db": "PACKETSTORM",
"id": "156753"
},
{
"db": "PACKETSTORM",
"id": "153003"
},
{
"db": "PACKETSTORM",
"id": "158035"
},
{
"db": "PACKETSTORM",
"id": "156523"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "157425"
},
{
"db": "PACKETSTORM",
"id": "156986"
},
{
"db": "PACKETSTORM",
"id": "158637"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"id": "VAR-201905-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T20:24:29.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Haxx libcurl Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92898"
},
{
"title": "Red Hat: Low: curl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202505 - Security Advisory"
},
{
"title": "Red Hat: Low: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201020 - Security Advisory"
},
{
"title": "Red Hat: Moderate: curl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201792 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: curl vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3993-2"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3993-1"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2019-5436: TFTP receive buffer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=af8cb489ed21fcca996e119afe1e5163"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2019-5435: Integer overflows in curl_url_set",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fae65389c96796d30251ace6eb631de7"
},
{
"title": "Arch Linux Advisories: [ASA-201905-16] curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-16"
},
{
"title": "Debian Security Advisories: DSA-4633-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=13ee33e4932409d819a833a7d96f2574"
},
{
"title": "Arch Linux Advisories: [ASA-201905-12] libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-12"
},
{
"title": "Arch Linux Advisories: [ASA-201905-11] libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-11"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1233",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1233"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-5436"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1233",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1233"
},
{
"title": "Arch Linux Advisories: [ASA-201905-15] lib32-curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-15"
},
{
"title": "Arch Linux Advisories: [ASA-201905-14] lib32-libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-14"
},
{
"title": "Arch Linux Advisories: [ASA-201905-13] lib32-libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-13"
},
{
"title": "Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203194 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "cve",
"trust": 0.1,
"url": "https://github.com/michwqy/cve "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://curl.haxx.se/docs/cve-2019-5436.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202003-29"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2020/feb/36"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190606-0004/"
},
{
"trust": 1.8,
"url": "https://support.f5.com/csp/article/k55133295"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2020/dsa-4633"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/09/11/6"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/108435"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5436"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.9,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.9,
"url": "https://seclists.org/oss-sec/2019/q2/124"
},
{
"trust": 0.9,
"url": "https://usn.ubuntu.com/3993-1"
},
{
"trust": 0.9,
"url": "https://usn.ubuntu.com/3993-2"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-5436cve-2019-5436curl:tftpreceiveheapbufferoverflowintftp_receive_packet()function"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1108041"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/3993-1/"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00036.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156523/debian-security-advisory-4633-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143490"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2593/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153003/ubuntu-security-notice-usn-3993-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2033/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1874/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0651/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4780/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-affects-the-os-image-for-redhat-enterprise-linux-for-ibm-cloud-pak-system-cve-2019-5436/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-multiple-vulnerabilities-29382"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4380/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1837/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153051/slackware-security-advisory-curl-updates.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157425/red-hat-security-advisory-2020-1792-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1494/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1177/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156753/gentoo-linux-security-advisory-202003-29.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158035/red-hat-security-advisory-2020-2505-01.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "cve-2019-5436 curl: tftp receive heap buffer overflow in tftp_receive_packet() function"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5481"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2505"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/usn/usn-3993-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60232"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3993-2/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3993-2"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.64.0-2ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.13"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1792"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1020"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10754"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-7263"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7263"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14316"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12653"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10767"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12654"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "BID",
"id": "108435"
},
{
"db": "PACKETSTORM",
"id": "153010"
},
{
"db": "PACKETSTORM",
"id": "156753"
},
{
"db": "PACKETSTORM",
"id": "153003"
},
{
"db": "PACKETSTORM",
"id": "158035"
},
{
"db": "PACKETSTORM",
"id": "156523"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "157425"
},
{
"db": "PACKETSTORM",
"id": "156986"
},
{
"db": "PACKETSTORM",
"id": "158637"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "BID",
"id": "108435"
},
{
"db": "PACKETSTORM",
"id": "153010"
},
{
"db": "PACKETSTORM",
"id": "156753"
},
{
"db": "PACKETSTORM",
"id": "153003"
},
{
"db": "PACKETSTORM",
"id": "158035"
},
{
"db": "PACKETSTORM",
"id": "156523"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "157425"
},
{
"db": "PACKETSTORM",
"id": "156986"
},
{
"db": "PACKETSTORM",
"id": "158637"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-28T00:00:00",
"db": "VULHUB",
"id": "VHN-156871"
},
{
"date": "2019-05-28T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"date": "2019-05-22T00:00:00",
"db": "BID",
"id": "108435"
},
{
"date": "2019-05-22T23:23:23",
"db": "PACKETSTORM",
"id": "153010"
},
{
"date": "2020-03-16T13:55:33",
"db": "PACKETSTORM",
"id": "156753"
},
{
"date": "2019-05-22T14:39:56",
"db": "PACKETSTORM",
"id": "153003"
},
{
"date": "2020-06-11T16:34:00",
"db": "PACKETSTORM",
"id": "158035"
},
{
"date": "2020-02-25T15:20:44",
"db": "PACKETSTORM",
"id": "156523"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2020-04-28T20:19:57",
"db": "PACKETSTORM",
"id": "157425"
},
{
"date": "2020-03-31T19:42:22",
"db": "PACKETSTORM",
"id": "156986"
},
{
"date": "2020-07-29T00:06:36",
"db": "PACKETSTORM",
"id": "158637"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"date": "2019-05-28T19:29:06.127000",
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-156871"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"date": "2019-05-22T00:00:00",
"db": "BID",
"id": "108435"
},
{
"date": "2021-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"date": "2023-11-07T03:11:35.247000",
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Haxx libcurl Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
],
"trust": 0.6
}
}
var-202108-2222
Vulnerability from variot
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. A security issue has been found in curl before version 7.78.0. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. ========================================================================== Ubuntu Security Notice USN-5021-1 July 22, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925)
Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14
In general, a standard system update will make all the necessary changes. Description:
Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):
1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang 1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang 1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places
- Bugs fixed (https://bugzilla.redhat.com/):
2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security update Advisory ID: RHSA-2021:3582-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3582 Issue date: 2021-09-21 CVE Names: CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: Content not matching hash in Metalink is not being discarded (CVE-2021-22922)
-
curl: Metalink download sends credentials (CVE-2021-22923)
-
curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1981435 - CVE-2021-22922 curl: Content not matching hash in Metalink is not being discarded 1981438 - CVE-2021-22923 curl: Metalink download sends credentials 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-18.el8_4.1.src.rpm
aarch64: curl-7.61.1-18.el8_4.1.aarch64.rpm curl-debuginfo-7.61.1-18.el8_4.1.aarch64.rpm curl-debugsource-7.61.1-18.el8_4.1.aarch64.rpm curl-minimal-debuginfo-7.61.1-18.el8_4.1.aarch64.rpm libcurl-7.61.1-18.el8_4.1.aarch64.rpm libcurl-debuginfo-7.61.1-18.el8_4.1.aarch64.rpm libcurl-devel-7.61.1-18.el8_4.1.aarch64.rpm libcurl-minimal-7.61.1-18.el8_4.1.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-18.el8_4.1.aarch64.rpm
ppc64le: curl-7.61.1-18.el8_4.1.ppc64le.rpm curl-debuginfo-7.61.1-18.el8_4.1.ppc64le.rpm curl-debugsource-7.61.1-18.el8_4.1.ppc64le.rpm curl-minimal-debuginfo-7.61.1-18.el8_4.1.ppc64le.rpm libcurl-7.61.1-18.el8_4.1.ppc64le.rpm libcurl-debuginfo-7.61.1-18.el8_4.1.ppc64le.rpm libcurl-devel-7.61.1-18.el8_4.1.ppc64le.rpm libcurl-minimal-7.61.1-18.el8_4.1.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-18.el8_4.1.ppc64le.rpm
s390x: curl-7.61.1-18.el8_4.1.s390x.rpm curl-debuginfo-7.61.1-18.el8_4.1.s390x.rpm curl-debugsource-7.61.1-18.el8_4.1.s390x.rpm curl-minimal-debuginfo-7.61.1-18.el8_4.1.s390x.rpm libcurl-7.61.1-18.el8_4.1.s390x.rpm libcurl-debuginfo-7.61.1-18.el8_4.1.s390x.rpm libcurl-devel-7.61.1-18.el8_4.1.s390x.rpm libcurl-minimal-7.61.1-18.el8_4.1.s390x.rpm libcurl-minimal-debuginfo-7.61.1-18.el8_4.1.s390x.rpm
x86_64: curl-7.61.1-18.el8_4.1.x86_64.rpm curl-debuginfo-7.61.1-18.el8_4.1.i686.rpm curl-debuginfo-7.61.1-18.el8_4.1.x86_64.rpm curl-debugsource-7.61.1-18.el8_4.1.i686.rpm curl-debugsource-7.61.1-18.el8_4.1.x86_64.rpm curl-minimal-debuginfo-7.61.1-18.el8_4.1.i686.rpm curl-minimal-debuginfo-7.61.1-18.el8_4.1.x86_64.rpm libcurl-7.61.1-18.el8_4.1.i686.rpm libcurl-7.61.1-18.el8_4.1.x86_64.rpm libcurl-debuginfo-7.61.1-18.el8_4.1.i686.rpm libcurl-debuginfo-7.61.1-18.el8_4.1.x86_64.rpm libcurl-devel-7.61.1-18.el8_4.1.i686.rpm libcurl-devel-7.61.1-18.el8_4.1.x86_64.rpm libcurl-minimal-7.61.1-18.el8_4.1.i686.rpm libcurl-minimal-7.61.1-18.el8_4.1.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-18.el8_4.1.i686.rpm libcurl-minimal-debuginfo-7.61.1-18.el8_4.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-22922 https://access.redhat.com/security/cve/CVE-2021-22923 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYUmbl9zjgjWX9erEAQi0VRAAkVIQKLPCBEK+Dy1js5VwXXZssOhvgmm/ xe9piCdrgBrbILxPEY0hkPYCmw3hKsRWD3FCMou6275HUJydJQpqANDmP/msUZOE LYJcM6cMWR7/2HWtgx6BQ5z6PZte+vzetzoHPDjI8O25kqd+BfT6JN0wCzKUQrUO auFPz1Sqj3UG1PHB62fSBJ4MpmRrCtJJh/Q84Rfp2JilVmsCpAOCm+gHEye3tu49 yF0fSA+JLS9Ut1XzaktucevPiwApj2dmxuagGFftvPzaP+cMz5V7Hv5akI89uapk L+Q4T37Fx53MQg+CAI1uDg2jxkfk96fijCoM2oczsQW4Np0HWH2tyAkg9+gJCB3h KScu9RXUr3uYCSoy9zyurEceoGbJWDRvh9B/0BNhY6ywjG+c/+bXAJDDs0pA049g CkpJERsNGhgXgDm+ONgVwxaHDRKlcX6wYTgyWfAw9qOLmhZrQbhfSzt9ebhpd0HL Avv8qpCjtxTx5E9QBAlnDcUCb3cqQkD3/j9y9I4zAtAFoF6oWQ4xqQO8cJqGNPZ/ qztENtA7CKd0bgYEPOuujdWtTnK/s3iww+LRkCuzHNzNneQGeSziZJfB38rlKCLq lZHwCRl0EYrfcjBziwR6LLbpEe2u6vdsQKDfPXHuld+wfgYTTmtxhTVPMy8FKSf5 TuOJZuxQys4= =DwWr -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
The Migration Toolkit for Containers (MTC) 1.6.0 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
1878824 - Web console is not accessible when deployed on OpenShift cluster on IBM Cloud 1887526 - "Stage" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage 1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error 1936886 - Service account token of existing remote cluster cannot be updated by using the web console 1936894 - "Ready" status of MigHook and MigPlan custom resources is not synchronized automatically 1949117 - "Migration plan resources" page displays a permanent error message when a migration plan is deleted from the backend 1951869 - MigPlan custom resource does not detect invalid source cluster reference 1968621 - Paused deployment config causes a migration to hang 1970338 - Parallel migrations fail because the initial backup is missing 1974737 - Migration plan name length in the "Migration plan" wizard is not validated 1975369 - "Debug view" link text on "Migration plans" page can be improved 1975372 - Destination namespace in MigPlan custom resource is not validated 1976895 - Namespace mapping cannot be changed using the Migration Plan wizard 1981810 - "Excluded" resources are not excluded from the migration 1982026 - Direct image migration fails if the source URI contains a double slash ("//") 1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list 1996169 - When "None" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used 1996627 - MigPlan custom resource displays a "PvUsageAnalysisFailed" warning after a successful PVC migration 1996784 - "Migration resources" tree on the "Migration details" page is not displayed 1996902 - "Select all" checkbox on the "Namespaces" page of the "Migration plan" wizard remains selected after a namespace is unselected 1996904 - "Migration" dialogs on the "Migration plans" page display inconsistent capitalization 1996906 - "Migration details" page link is displayed for a migration plan with no associated migrations 1996938 - Search function on "Migration plans" page displays no results 1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during "StageBackup" phase 1997127 - Direct volume migration "retry" feature does not work correctly after a network failure 1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility 1997180 - "migration-log-reader" pod does not log invalid Rsync options 1997665 - Selected PVCs in the "State migration" dialog are reset because of background polling 1997694 - "Update operator" link on the "Clusters" page is incorrect 1997827 - "Migration plan" wizard displays PVC names incorrectly formatted after running state migration 1998062 - Rsync pod uses upstream image 1998283 - "Migration step details" link on the "Migrations" page does not work 1998550 - "Migration plan" wizard does not support certain screen resolutions 1998581 - "Migration details" link on "Migration plans" page displays "latestIsFailed" error 1999113 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 1999381 - MigPlan custom resource displays "Stage completed with warnings" status after successful migration 1999528 - Position of the "Add migration plan" button is different from the other "Add" buttons 1999765 - "Migrate" button on "State migration" dialog is enabled when no PVCs are selected 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000205 - "Options" menu on the "Migration details" page displays incorrect items 2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace 2000243 - "Migration plan" wizard does not allow a migration within the same cluster 2000644 - Invalid migration plan causes "controller" pod to crash 2000875 - State migration status on "Migrations" page displays "Stage succeeded" message 2000979 - "clusterIPs" parameter of "service" object can cause Velero errors 2001089 - Direct volume migration fails because of missing CA path configuration 2001173 - Migration plan requires two clusters 2001786 - Migration fails during "Stage Backup" step because volume path on host not found 2001829 - Migration does not complete when the namespace contains a cron job with a PVC 2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice 2002420 - "Stage" pod not created for completed application pod, causing the "mig-controller" to stall 2002608 - Migration of unmounted PVC fails during "StageBackup" phase 2002897 - Rollback migration does not complete when the namespace contains a cron job 2003603 - "View logs" dialog displays the "--selector" option, which does not print all logs 2004601 - Migration plan status on "Migration plans" page is "Ready" after migration completed with warnings 2004923 - Web console displays "New operator version available" notification for incorrect operator 2005143 - Combining Rsync and Stunnel in a single pod can degrade performance 2006316 - Web console cannot create migration plan in a proxy environment 2007175 - Web console cannot be launched in a proxy environment
- JIRA issues fixed (https://issues.jboss.org/):
MIG-785 - Search for "Crane" in the Operator Hub should display the Migration Toolkit for Containers
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes.
Container updates:
-
RHACM 2.1.11 images (BZ# 1999375)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999375 - RHACM 2.1.11 images
- These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance m804pb",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "simatic rtu3030c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.14"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "scalance m816-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.22"
},
{
"model": "simatic rtu 3041c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.14"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.26"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "sinema remote connect",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "simatic rtu3010c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.14"
},
{
"model": "logo\\! cmr2040",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ruggedcomrm 1224 lte",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic cp 1545-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "scalance m876-3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "scalance m812-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "logo\\! cmr2020",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance mum856-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic rtu3031c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.14"
},
{
"model": "scalance m876-4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.4"
},
{
"model": "scalance m874-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "siplus net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.22"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "scalance m874-3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.77.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.36"
},
{
"model": "scalance m826-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
}
],
"trust": 0.8
},
"cve": "CVE-2021-22924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22924",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381398",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2021-22924",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22924",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1569",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-381398",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1569"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate. A security issue has been found in curl before version 7.78.0. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate. ==========================================================================\nUbuntu Security Notice USN-5021-1\nJuly 22, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen and Tomas Hoger discovered that curl incorrectly handled\nTELNET connections when the -t option was used on the command line. \nUninitialized data possibly containing sensitive information could be sent\nto the remote server, contrary to expectations. (CVE-2021-22898,\nCVE-2021-22925)\n\nHarry Sintonen discovered that curl incorrectly reused connections in the\nconnection pool. This could result in curl reusing the wrong connections. \n(CVE-2021-22924)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n curl 7.74.0-1ubuntu2.1\n libcurl3-gnutls 7.74.0-1ubuntu2.1\n libcurl3-nss 7.74.0-1ubuntu2.1\n libcurl4 7.74.0-1ubuntu2.1\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.6\n libcurl3-gnutls 7.68.0-1ubuntu2.6\n libcurl3-nss 7.68.0-1ubuntu2.6\n libcurl4 7.68.0-1ubuntu2.6\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.14\n libcurl3-gnutls 7.58.0-2ubuntu3.14\n libcurl3-nss 7.58.0-2ubuntu3.14\n libcurl4 7.58.0-2ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):\n\n1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang\n1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang\n1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007489 - RHACM 2.1.12 images\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security update\nAdvisory ID: RHSA-2021:3582-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3582\nIssue date: 2021-09-21\nCVE Names: CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: Content not matching hash in Metalink is not being discarded\n(CVE-2021-22922)\n\n* curl: Metalink download sends credentials (CVE-2021-22923)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1981435 - CVE-2021-22922 curl: Content not matching hash in Metalink is not being discarded\n1981438 - CVE-2021-22923 curl: Metalink download sends credentials\n1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-18.el8_4.1.src.rpm\n\naarch64:\ncurl-7.61.1-18.el8_4.1.aarch64.rpm\ncurl-debuginfo-7.61.1-18.el8_4.1.aarch64.rpm\ncurl-debugsource-7.61.1-18.el8_4.1.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-18.el8_4.1.aarch64.rpm\nlibcurl-7.61.1-18.el8_4.1.aarch64.rpm\nlibcurl-debuginfo-7.61.1-18.el8_4.1.aarch64.rpm\nlibcurl-devel-7.61.1-18.el8_4.1.aarch64.rpm\nlibcurl-minimal-7.61.1-18.el8_4.1.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-18.el8_4.1.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-18.el8_4.1.ppc64le.rpm\ncurl-debuginfo-7.61.1-18.el8_4.1.ppc64le.rpm\ncurl-debugsource-7.61.1-18.el8_4.1.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-18.el8_4.1.ppc64le.rpm\nlibcurl-7.61.1-18.el8_4.1.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-18.el8_4.1.ppc64le.rpm\nlibcurl-devel-7.61.1-18.el8_4.1.ppc64le.rpm\nlibcurl-minimal-7.61.1-18.el8_4.1.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-18.el8_4.1.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-18.el8_4.1.s390x.rpm\ncurl-debuginfo-7.61.1-18.el8_4.1.s390x.rpm\ncurl-debugsource-7.61.1-18.el8_4.1.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-18.el8_4.1.s390x.rpm\nlibcurl-7.61.1-18.el8_4.1.s390x.rpm\nlibcurl-debuginfo-7.61.1-18.el8_4.1.s390x.rpm\nlibcurl-devel-7.61.1-18.el8_4.1.s390x.rpm\nlibcurl-minimal-7.61.1-18.el8_4.1.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-18.el8_4.1.s390x.rpm\n\nx86_64:\ncurl-7.61.1-18.el8_4.1.x86_64.rpm\ncurl-debuginfo-7.61.1-18.el8_4.1.i686.rpm\ncurl-debuginfo-7.61.1-18.el8_4.1.x86_64.rpm\ncurl-debugsource-7.61.1-18.el8_4.1.i686.rpm\ncurl-debugsource-7.61.1-18.el8_4.1.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-18.el8_4.1.i686.rpm\ncurl-minimal-debuginfo-7.61.1-18.el8_4.1.x86_64.rpm\nlibcurl-7.61.1-18.el8_4.1.i686.rpm\nlibcurl-7.61.1-18.el8_4.1.x86_64.rpm\nlibcurl-debuginfo-7.61.1-18.el8_4.1.i686.rpm\nlibcurl-debuginfo-7.61.1-18.el8_4.1.x86_64.rpm\nlibcurl-devel-7.61.1-18.el8_4.1.i686.rpm\nlibcurl-devel-7.61.1-18.el8_4.1.x86_64.rpm\nlibcurl-minimal-7.61.1-18.el8_4.1.i686.rpm\nlibcurl-minimal-7.61.1-18.el8_4.1.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-18.el8_4.1.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-18.el8_4.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22922\nhttps://access.redhat.com/security/cve/CVE-2021-22923\nhttps://access.redhat.com/security/cve/CVE-2021-22924\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYUmbl9zjgjWX9erEAQi0VRAAkVIQKLPCBEK+Dy1js5VwXXZssOhvgmm/\nxe9piCdrgBrbILxPEY0hkPYCmw3hKsRWD3FCMou6275HUJydJQpqANDmP/msUZOE\nLYJcM6cMWR7/2HWtgx6BQ5z6PZte+vzetzoHPDjI8O25kqd+BfT6JN0wCzKUQrUO\nauFPz1Sqj3UG1PHB62fSBJ4MpmRrCtJJh/Q84Rfp2JilVmsCpAOCm+gHEye3tu49\nyF0fSA+JLS9Ut1XzaktucevPiwApj2dmxuagGFftvPzaP+cMz5V7Hv5akI89uapk\nL+Q4T37Fx53MQg+CAI1uDg2jxkfk96fijCoM2oczsQW4Np0HWH2tyAkg9+gJCB3h\nKScu9RXUr3uYCSoy9zyurEceoGbJWDRvh9B/0BNhY6ywjG+c/+bXAJDDs0pA049g\nCkpJERsNGhgXgDm+ONgVwxaHDRKlcX6wYTgyWfAw9qOLmhZrQbhfSzt9ebhpd0HL\nAvv8qpCjtxTx5E9QBAlnDcUCb3cqQkD3/j9y9I4zAtAFoF6oWQ4xqQO8cJqGNPZ/\nqztENtA7CKd0bgYEPOuujdWtTnK/s3iww+LRkCuzHNzNneQGeSziZJfB38rlKCLq\nlZHwCRl0EYrfcjBziwR6LLbpEe2u6vdsQKDfPXHuld+wfgYTTmtxhTVPMy8FKSf5\nTuOJZuxQys4=\n=DwWr\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.0 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1878824 - Web console is not accessible when deployed on OpenShift cluster on IBM Cloud\n1887526 - \"Stage\" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage\n1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error\n1936886 - Service account token of existing remote cluster cannot be updated by using the web console\n1936894 - \"Ready\" status of MigHook and MigPlan custom resources is not synchronized automatically\n1949117 - \"Migration plan resources\" page displays a permanent error message when a migration plan is deleted from the backend\n1951869 - MigPlan custom resource does not detect invalid source cluster reference\n1968621 - Paused deployment config causes a migration to hang\n1970338 - Parallel migrations fail because the initial backup is missing\n1974737 - Migration plan name length in the \"Migration plan\" wizard is not validated\n1975369 - \"Debug view\" link text on \"Migration plans\" page can be improved\n1975372 - Destination namespace in MigPlan custom resource is not validated\n1976895 - Namespace mapping cannot be changed using the Migration Plan wizard\n1981810 - \"Excluded\" resources are not excluded from the migration\n1982026 - Direct image migration fails if the source URI contains a double slash (\"//\")\n1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list\n1996169 - When \"None\" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used\n1996627 - MigPlan custom resource displays a \"PvUsageAnalysisFailed\" warning after a successful PVC migration\n1996784 - \"Migration resources\" tree on the \"Migration details\" page is not displayed\n1996902 - \"Select all\" checkbox on the \"Namespaces\" page of the \"Migration plan\" wizard remains selected after a namespace is unselected\n1996904 - \"Migration\" dialogs on the \"Migration plans\" page display inconsistent capitalization\n1996906 - \"Migration details\" page link is displayed for a migration plan with no associated migrations\n1996938 - Search function on \"Migration plans\" page displays no results\n1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during \"StageBackup\" phase\n1997127 - Direct volume migration \"retry\" feature does not work correctly after a network failure\n1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility\n1997180 - \"migration-log-reader\" pod does not log invalid Rsync options\n1997665 - Selected PVCs in the \"State migration\" dialog are reset because of background polling\n1997694 - \"Update operator\" link on the \"Clusters\" page is incorrect\n1997827 - \"Migration plan\" wizard displays PVC names incorrectly formatted after running state migration\n1998062 - Rsync pod uses upstream image\n1998283 - \"Migration step details\" link on the \"Migrations\" page does not work\n1998550 - \"Migration plan\" wizard does not support certain screen resolutions\n1998581 - \"Migration details\" link on \"Migration plans\" page displays \"latestIsFailed\" error\n1999113 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n1999381 - MigPlan custom resource displays \"Stage completed with warnings\" status after successful migration\n1999528 - Position of the \"Add migration plan\" button is different from the other \"Add\" buttons\n1999765 - \"Migrate\" button on \"State migration\" dialog is enabled when no PVCs are selected\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2000205 - \"Options\" menu on the \"Migration details\" page displays incorrect items\n2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace\n2000243 - \"Migration plan\" wizard does not allow a migration within the same cluster\n2000644 - Invalid migration plan causes \"controller\" pod to crash\n2000875 - State migration status on \"Migrations\" page displays \"Stage succeeded\" message\n2000979 - \"clusterIPs\" parameter of \"service\" object can cause Velero errors\n2001089 - Direct volume migration fails because of missing CA path configuration\n2001173 - Migration plan requires two clusters\n2001786 - Migration fails during \"Stage Backup\" step because volume path on host not found\n2001829 - Migration does not complete when the namespace contains a cron job with a PVC\n2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice\n2002420 - \"Stage\" pod not created for completed application pod, causing the \"mig-controller\" to stall\n2002608 - Migration of unmounted PVC fails during \"StageBackup\" phase\n2002897 - Rollback migration does not complete when the namespace contains a cron job\n2003603 - \"View logs\" dialog displays the \"--selector\" option, which does not print all logs\n2004601 - Migration plan status on \"Migration plans\" page is \"Ready\" after migration completed with warnings\n2004923 - Web console displays \"New operator version available\" notification for incorrect operator\n2005143 - Combining Rsync and Stunnel in a single pod can degrade performance\n2006316 - Web console cannot create migration plan in a proxy environment\n2007175 - Web console cannot be launched in a proxy environment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMIG-785 - Search for \"Crane\" in the Operator Hub should display the Migration Toolkit for Containers\n\n6. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 General\nAvailability release images, which provide a security fix and update the\ncontainer images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. \n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. To apply this upgrade,\nyou \nmust upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1999375 - RHACM 2.1.11 images\n\n5. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22924"
},
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "169318"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22924",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-732250",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "HACKERONE",
"id": "1223565",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164948",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164583",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164755",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163637",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164523",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164562",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164511",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164221",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164342",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164282",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3211",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4266",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3941",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3878",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3472",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3430",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2473",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3485",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1637",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2755",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3167",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3146",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3499",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3649",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042566",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072212",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021112309",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110313",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080210",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021090834",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072814",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102116",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166714",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164555",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-132-13",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1569",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165008",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381398",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22924",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1569"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"id": "VAR-202108-2222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
}
],
"trust": 0.7410993499999999
},
"last_update_date": "2024-09-19T20:42:00.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Arch Linux Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=157203"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22924 log"
},
{
"title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-61"
},
{
"title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-60"
},
{
"title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-64"
},
{
"title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-62"
},
{
"title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-63"
},
{
"title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-59"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1569"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-706",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.7,
"url": "https://hackerone.com/reports/1223565"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2021-22924"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-22922"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-22923"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164342/red-hat-security-advisory-2021-3694-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042566"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-13"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2755"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021112309"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164555/red-hat-security-advisory-2021-3917-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164755/red-hat-security-advisory-2021-4104-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3649"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3211"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3430"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3472"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072814"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3499"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080210"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164221/red-hat-security-advisory-2021-3582-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164511/red-hat-security-advisory-2021-3851-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164583/red-hat-security-advisory-2021-3949-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-information-disclosure-via-connection-reuse-35955"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2526"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3878"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072212"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110313"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6495409"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3167"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2473"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092811"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3485"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163637/ubuntu-security-notice-usn-5021-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3941"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166714/red-hat-security-advisory-2022-1354-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021090834"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4266"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1637"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102116"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3653"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-32626"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-32687"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-32675"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-41099"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23017"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-32627"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-32672"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-32628"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37576"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22543"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32690"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2021/q3/26"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/asa-202107-61"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5021-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25741"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21671"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21671"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25741"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8912"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8911"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8912"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3582"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/migration_toolkit_for_con"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32804"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3711"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1569"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1569"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-381398"
},
{
"date": "2021-07-22T23:15:11",
"db": "PACKETSTORM",
"id": "163637"
},
{
"date": "2021-10-15T15:06:44",
"db": "PACKETSTORM",
"id": "164523"
},
{
"date": "2021-10-20T15:45:47",
"db": "PACKETSTORM",
"id": "164562"
},
{
"date": "2021-10-14T15:19:59",
"db": "PACKETSTORM",
"id": "164511"
},
{
"date": "2021-10-21T15:31:47",
"db": "PACKETSTORM",
"id": "164583"
},
{
"date": "2021-09-21T15:40:44",
"db": "PACKETSTORM",
"id": "164221"
},
{
"date": "2021-09-30T16:27:16",
"db": "PACKETSTORM",
"id": "164342"
},
{
"date": "2021-09-24T15:49:04",
"db": "PACKETSTORM",
"id": "164282"
},
{
"date": "2021-11-12T17:01:04",
"db": "PACKETSTORM",
"id": "164948"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1569"
},
{
"date": "2021-08-05T21:15:11.380000",
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-381398"
},
{
"date": "2023-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1569"
},
{
"date": "2024-03-27T15:11:45.923000",
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1569"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1569"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1569"
}
],
"trust": 0.6
}
}
var-202109-1789
Vulnerability from variot
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got before the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary:
An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)
-
curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)
-
curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.2.10 General Availability release images, which provide one or more container updates and bug fixes. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
CVE-2021-3795 semver-regex: inefficient regular expression complexity
-
CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
Related bugs:
-
RHACM 2.2.10 images (Bugzilla #2013652)
-
Bugs fixed (https://bugzilla.redhat.com/):
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images
- ========================================================================== Ubuntu Security Notice USN-5079-3 September 21, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
USN-5079-1 introduced a regression in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.16 libcurl3-gnutls 7.58.0-2ubuntu3.16 libcurl3-nss 7.58.0-2ubuntu3.16 libcurl4 7.58.0-2ubuntu3.16
In general, a standard system update will make all the necessary changes. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
- Bugs fixed (https://bugzilla.redhat.com/):
1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1858 - OpenShift Alerting Rules Style-Guide Compliance LOG-1917 - [release-5.1] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
- Description:
Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.
Security Fix(es):
- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References). Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1789",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.3"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.26"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.20.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.11.0"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.2"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.79.0"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.35"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.1"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22947"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164993"
},
{
"db": "PACKETSTORM",
"id": "168011"
}
],
"trust": 0.6
},
"cve": "CVE-2021-22947",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22947",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-381421",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-22947",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22947",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-381421",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381421"
},
{
"db": "NVD",
"id": "CVE-2021-22947"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-dotnet31-curl security update\nAdvisory ID: RHSA-2022:1354-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1354\nIssue date: 2022-04-13\nCVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946\n CVE-2021-22947\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-curl is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22924\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.10 General\nAvailability release images, which provide one or more container updates\nand bug fixes. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2021-3795 semver-regex: inefficient regular expression complexity\n\n* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of\nCVE-2019-10747\n\nRelated bugs: \n\n* RHACM 2.2.10 images (Bugzilla #2013652)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity\n2013652 - RHACM 2.2.10 images\n\n5. ==========================================================================\nUbuntu Security Notice USN-5079-3\nSeptember 21, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5079-1 introduced a regression in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nUSN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a\nregression on Ubuntu 18.04 LTS. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that curl incorrect handled memory when sending data to\n an MQTT server. A remote attacker could use this issue to cause curl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2021-22945)\n Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946)\n Patrick Monnerat discovered that curl incorrectly handled responses\n received before STARTTLS. A remote attacker could possibly use this issue\n to inject responses and intercept communications. (CVE-2021-22947)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.16\n libcurl3-gnutls 7.58.0-2ubuntu3.16\n libcurl3-nss 7.58.0-2ubuntu3.16\n libcurl4 7.58.0-2ubuntu3.16\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1858 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1917 - [release-5.1] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\n\n6. Description:\n\nService Telemetry Framework (STF) provides automated collection of\nmeasurements and data from remote clients, such as Red Hat OpenStack\nPlatform or third-party nodes. STF then transmits the information to a\ncentralized, receiving Red Hat OpenShift Container Platform (OCP)\ndeployment for storage, retrieval, and monitoring. \n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nThe Service Telemetry Framework container image provided by this update can\nbe downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References). \nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22947"
},
{
"db": "VULHUB",
"id": "VHN-381421"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164993"
},
{
"db": "PACKETSTORM",
"id": "168011"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22947",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "HACKERONE",
"id": "1334763",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "164993",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165209",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165099",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165053",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165337",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164740",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164948",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166112",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381421",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164220",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168011",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381421"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164993"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "NVD",
"id": "CVE-2021-22947"
}
]
},
"id": "VAR-202109-1789",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381421"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T22:11:17.560000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381421"
},
{
"db": "NVD",
"id": "CVE-2021-22947"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.1,
"url": "https://hackerone.com/reports/1334763"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36385"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23440"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5079-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.16"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5079-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1944120"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4628"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381421"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164993"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "NVD",
"id": "CVE-2021-22947"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381421"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164993"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "NVD",
"id": "CVE-2021-22947"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-381421"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-04-13T22:20:44",
"db": "PACKETSTORM",
"id": "166714"
},
{
"date": "2021-12-09T14:50:37",
"db": "PACKETSTORM",
"id": "165209"
},
{
"date": "2021-09-21T15:39:10",
"db": "PACKETSTORM",
"id": "164220"
},
{
"date": "2021-11-30T14:44:48",
"db": "PACKETSTORM",
"id": "165099"
},
{
"date": "2021-11-17T15:07:42",
"db": "PACKETSTORM",
"id": "164993"
},
{
"date": "2022-08-09T14:36:05",
"db": "PACKETSTORM",
"id": "168011"
},
{
"date": "2021-09-29T20:15:08.253000",
"db": "NVD",
"id": "CVE-2021-22947"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-381421"
},
{
"date": "2024-03-27T15:03:30.377000",
"db": "NVD",
"id": "CVE-2021-22947"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "168011"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2022-0202-04",
"sources": [
{
"db": "PACKETSTORM",
"id": "165631"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164993"
}
],
"trust": 0.2
}
}
var-201902-0100
Vulnerability from variot
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability
Attackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-03
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 10, 2019 Bugs: #665292, #670026, #677346 ID: 201903-03
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.64.0 >= 7.64.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.64.0"
References
[ 1 ] CVE-2018-14618 https://nvd.nist.gov/vuln/detail/CVE-2018-14618 [ 2 ] CVE-2018-16839 https://nvd.nist.gov/vuln/detail/CVE-2018-16839 [ 3 ] CVE-2018-16840 https://nvd.nist.gov/vuln/detail/CVE-2018-16840 [ 4 ] CVE-2018-16842 https://nvd.nist.gov/vuln/detail/CVE-2018-16842 [ 5 ] CVE-2019-3822 https://nvd.nist.gov/vuln/detail/CVE-2019-3822 [ 6 ] CVE-2019-3823 https://nvd.nist.gov/vuln/detail/CVE-2019-3823
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
CVE-2018-16890
Wenxiang Qian of Tencent Blade Team discovered that the function
handling incoming NTLM type-2 messages does not validate incoming
data correctly and is subject to an integer overflow vulnerability,
which could lead to an out-of-bounds buffer read.
For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u9.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi RygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7 Hl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp k1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh RFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ cSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z dccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm zXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u rAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2 Hg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB u3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa zi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2019:3701-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3701 Issue date: 2019-11-05 CVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 CVE-2019-3823 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)
-
wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
-
curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
-
curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c 1669156 - connection re-use does not work for SCP and SFTP 1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read 1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow 1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-11.el8.src.rpm
aarch64: curl-7.61.1-11.el8.aarch64.rpm curl-debuginfo-7.61.1-11.el8.aarch64.rpm curl-debugsource-7.61.1-11.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-7.61.1-11.el8.aarch64.rpm libcurl-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-devel-7.61.1-11.el8.aarch64.rpm libcurl-minimal-7.61.1-11.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm
ppc64le: curl-7.61.1-11.el8.ppc64le.rpm curl-debuginfo-7.61.1-11.el8.ppc64le.rpm curl-debugsource-7.61.1-11.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-7.61.1-11.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-devel-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm
s390x: curl-7.61.1-11.el8.s390x.rpm curl-debuginfo-7.61.1-11.el8.s390x.rpm curl-debugsource-7.61.1-11.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-7.61.1-11.el8.s390x.rpm libcurl-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-devel-7.61.1-11.el8.s390x.rpm libcurl-minimal-7.61.1-11.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm
x86_64: curl-7.61.1-11.el8.x86_64.rpm curl-debuginfo-7.61.1-11.el8.i686.rpm curl-debuginfo-7.61.1-11.el8.x86_64.rpm curl-debugsource-7.61.1-11.el8.i686.rpm curl-debugsource-7.61.1-11.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-11.el8.i686.rpm curl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-7.61.1-11.el8.i686.rpm libcurl-7.61.1-11.el8.x86_64.rpm libcurl-debuginfo-7.61.1-11.el8.i686.rpm libcurl-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-devel-7.61.1-11.el8.i686.rpm libcurl-devel-7.61.1-11.el8.x86_64.rpm libcurl-minimal-7.61.1-11.el8.i686.rpm libcurl-minimal-7.61.1-11.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16890 https://access.redhat.com/security/cve/CVE-2018-20483 https://access.redhat.com/security/cve/CVE-2019-3822 https://access.redhat.com/security/cve/CVE-2019-3823 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm jIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j owx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A FfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56 tvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW jlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO I5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2 Rfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq OKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc szJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq l4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0 PK6rxvdCr2I= =8Z+p -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing
- ========================================================================== Ubuntu Security Notice USN-3882-1 February 06, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in curl. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)
Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)
Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: curl 7.61.0-1ubuntu2.3 libcurl3-gnutls 7.61.0-1ubuntu2.3 libcurl3-nss 7.61.0-1ubuntu2.3 libcurl4 7.61.0-1ubuntu2.3
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.6 libcurl3-gnutls 7.58.0-2ubuntu3.6 libcurl3-nss 7.58.0-2ubuntu3.6 libcurl4 7.58.0-2ubuntu3.6
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.12 libcurl3 7.47.0-1ubuntu2.12 libcurl3-gnutls 7.47.0-1ubuntu2.12 libcurl3-nss 7.47.0-1ubuntu2.12
Ubuntu 14.04 LTS: curl 7.35.0-1ubuntu2.20 libcurl3 7.35.0-1ubuntu2.20 libcurl3-gnutls 7.35.0-1ubuntu2.20 libcurl3-nss 7.35.0-1ubuntu2.20
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: NTLM type-2 out-of-bounds buffer read. SMTP end-of-response out-of-bounds read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: e57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz
Slackware -current package: 9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz
Slackware x86_64 -current package: 869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.64.0-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0100",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "services tools bundle",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.27"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.36.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "*"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinema remote connect client",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.26"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.64.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "libcurl",
"scope": "lt",
"trust": 0.8,
"vendor": "haxx",
"version": "7.36.0 thats all 7.64.0"
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.13"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.19"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.18"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.17"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.4"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.45"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "sinema remote connect client hf1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "libcurl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64"
},
{
"model": "curl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64.0"
}
],
"sources": [
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:haxx:libcurl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netapp:clustered_data_ontap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ProductCERT reported these vulnerabilities to NCCIC.,Brian Carpenter, Geeknik Labs and Wenxiang Qian from Tencent Blade Team.,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3822",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3822",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3822",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3822",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3822",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3822",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3822",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-124",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-3822",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large \u0027nt response\u0027 data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a \u0027large value\u0027 needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to the following vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\nAttackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201903-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: March 10, 2019\n Bugs: #665292, #670026, #677346\n ID: 201903-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.64.0 \u003e= 7.64.0 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.64.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-14618\n https://nvd.nist.gov/vuln/detail/CVE-2018-14618\n[ 2 ] CVE-2018-16839\n https://nvd.nist.gov/vuln/detail/CVE-2018-16839\n[ 3 ] CVE-2018-16840\n https://nvd.nist.gov/vuln/detail/CVE-2018-16840\n[ 4 ] CVE-2018-16842\n https://nvd.nist.gov/vuln/detail/CVE-2018-16842\n[ 5 ] CVE-2019-3822\n https://nvd.nist.gov/vuln/detail/CVE-2019-3822\n[ 6 ] CVE-2019-3823\n https://nvd.nist.gov/vuln/detail/CVE-2019-3823\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nCVE-2018-16890\n\n Wenxiang Qian of Tencent Blade Team discovered that the function\n handling incoming NTLM type-2 messages does not validate incoming\n data correctly and is subject to an integer overflow vulnerability,\n which could lead to an out-of-bounds buffer read. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi\nRygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7\nHl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp\nk1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh\nRFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ\ncSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z\ndccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm\nzXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u\nrAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2\nHg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB\nu3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa\nzi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security and bug fix update\nAdvisory ID: RHSA-2019:3701-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3701\nIssue date: 2019-11-05\nCVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 \n CVE-2019-3823 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c\n(CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c\n1669156 - connection re-use does not work for SCP and SFTP\n1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read\n1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow\n1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-11.el8.src.rpm\n\naarch64:\ncurl-7.61.1-11.el8.aarch64.rpm\ncurl-debuginfo-7.61.1-11.el8.aarch64.rpm\ncurl-debugsource-7.61.1-11.el8.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-7.61.1-11.el8.aarch64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-devel-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-11.el8.ppc64le.rpm\ncurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\ncurl-debugsource-7.61.1-11.el8.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-7.61.1-11.el8.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-devel-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-11.el8.s390x.rpm\ncurl-debuginfo-7.61.1-11.el8.s390x.rpm\ncurl-debugsource-7.61.1-11.el8.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-7.61.1-11.el8.s390x.rpm\nlibcurl-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-devel-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\n\nx86_64:\ncurl-7.61.1-11.el8.x86_64.rpm\ncurl-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-debuginfo-7.61.1-11.el8.x86_64.rpm\ncurl-debugsource-7.61.1-11.el8.i686.rpm\ncurl-debugsource-7.61.1-11.el8.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-7.61.1-11.el8.i686.rpm\nlibcurl-7.61.1-11.el8.x86_64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-devel-7.61.1-11.el8.i686.rpm\nlibcurl-devel-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16890\nhttps://access.redhat.com/security/cve/CVE-2018-20483\nhttps://access.redhat.com/security/cve/CVE-2019-3822\nhttps://access.redhat.com/security/cve/CVE-2019-3823\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm\njIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j\nowx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A\nFfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56\ntvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW\njlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO\nI5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2\nRfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq\nOKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc\nszJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq\nl4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0\nPK6rxvdCr2I=\n=8Z+p\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. ==========================================================================\nUbuntu Security Notice USN-3882-1\nFebruary 06, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. A remote attacker could possibly use this issue to\ncause curl to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. A remote attacker could possibly use this issue to cause curl to\ncrash, resulting in a denial of service. (CVE-2019-3823)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.3\n libcurl3-gnutls 7.61.0-1ubuntu2.3\n libcurl3-nss 7.61.0-1ubuntu2.3\n libcurl4 7.61.0-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.6\n libcurl3-gnutls 7.58.0-2ubuntu3.6\n libcurl3-nss 7.58.0-2ubuntu3.6\n libcurl4 7.58.0-2ubuntu3.6\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.12\n libcurl3 7.47.0-1ubuntu2.12\n libcurl3-gnutls 7.47.0-1ubuntu2.12\n libcurl3-nss 7.47.0-1ubuntu2.12\n\nUbuntu 14.04 LTS:\n curl 7.35.0-1ubuntu2.20\n libcurl3 7.35.0-1ubuntu2.20\n libcurl3-gnutls 7.35.0-1ubuntu2.20\n libcurl3-nss 7.35.0-1ubuntu2.20\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. \n This release fixes the following security issues:\n NTLM type-2 out-of-bounds buffer read. \n SMTP end-of-response out-of-bounds read. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz\n\nSlackware x86_64 -current package:\n869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.64.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3822",
"trust": 3.4
},
{
"db": "BID",
"id": "106950",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-436177",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-04",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152034",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1084",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0381.3",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3822",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155162",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151569",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"id": "VAR-201902-0100",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.71363634
},
"last_update_date": "2024-08-14T13:17:28.295000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4386",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"title": "NTAP-20190315-0001",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"title": "NTLMv2 type-3 header stack buffer overflow",
"trust": 0.8,
"url": "https://curl.haxx.se/docs/CVE-2019-3822.html"
},
{
"title": "USN-3882-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"title": "Red Hat: Moderate: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193701 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-3822",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-3822"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3882-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-3822"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1297",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1297"
},
{
"title": "Arch Linux Advisories: [ASA-201902-13] lib32-curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-13"
},
{
"title": "Arch Linux Advisories: [ASA-201902-9] curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-9"
},
{
"title": "Arch Linux Advisories: [ASA-201902-10] libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-10"
},
{
"title": "Arch Linux Advisories: [ASA-201902-12] lib32-libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-12"
},
{
"title": "Arch Linux Advisories: [ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-11"
},
{
"title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22decc09aeaa3dba577a38ac2ead2bac"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8a056bd2177d12192b11798b7ac3e013"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1162",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1162"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
},
{
"title": "fedsummit_19",
"trust": 0.1,
"url": "https://github.com/clemenko/fedsummit_19 "
},
{
"title": "dc19_supply_chain",
"trust": 0.1,
"url": "https://github.com/clemenko/dc19_supply_chain "
},
{
"title": "dc19_supply_chain",
"trust": 0.1,
"url": "https://github.com/bbrungi/dc19_supply_chain "
},
{
"title": "BlackHat2019",
"trust": 0.1,
"url": "https://github.com/saiyuki1919/BlackHat2019 "
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/KorayAgaya/TrivyWeb "
},
{
"title": "cve",
"trust": 0.1,
"url": "https://github.com/michwqy/cve "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Mohzeela/external-secret "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/Vulnerability-Scanner-for-Containers "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/oracle-squashes-53-critical-bugs-in-april-security-update/143845/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/106950"
},
{
"trust": 2.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3822"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3701"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"trust": 2.0,
"url": "https://curl.haxx.se/docs/cve-2019-3822.html"
},
{
"trust": 2.0,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"trust": 2.0,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3822"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190719-0004/"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k84141449"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k84141449?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-04"
},
{
"trust": 0.9,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.9,
"url": "https://curl.haxx.se/download.html"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/86724581b6c"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/39df4073"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/2766262a68"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/50c94842"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3823"
},
{
"trust": 0.9,
"url": "https://curl.haxx.se/docs/cve-2019-3823.html"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3822"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k84141449?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75218"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152034/gentoo-linux-security-advisory-201903-03.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78194"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3823"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/clemenko/fedsummit_19"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16842"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16840"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16839"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.20"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3882-1"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3823"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16890"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"date": "2019-02-06T00:00:00",
"db": "BID",
"id": "106950"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"date": "2019-03-11T18:48:31",
"db": "PACKETSTORM",
"id": "152034"
},
{
"date": "2019-02-07T16:32:00",
"db": "PACKETSTORM",
"id": "151568"
},
{
"date": "2019-11-06T15:57:33",
"db": "PACKETSTORM",
"id": "155162"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2019-02-06T22:35:20",
"db": "PACKETSTORM",
"id": "151566"
},
{
"date": "2019-02-07T16:32:06",
"db": "PACKETSTORM",
"id": "151569"
},
{
"date": "2019-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-124"
},
{
"date": "2019-02-06T20:29:00.353000",
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"date": "2019-07-17T06:00:00",
"db": "BID",
"id": "106950"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-124"
},
{
"date": "2023-11-07T03:10:12.823000",
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
],
"trust": 0.6
}
}
var-201605-0076
Vulnerability from variot
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. OpenSSL is prone to an integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2h are vulnerable. OpenSSL versions 1.0.1 prior to 1.0.1t are vulnerable. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
Security Fix(es):
- It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03756en_us Version: 1
HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-06-05 Last Updated: 2017-06-05
Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.
References:
- CVE-2016-2105 - Remote Denial of Service (DoS)
- CVE-2016-2106 - Remote Denial of Service (DoS)
- CVE-2016-2107 - Remote disclosure of sensitive information
- CVE-2016-2108 - Remote Denial of Service (DoS)
- CVE-2016-2109 - Remote Denial of Service (DoS)
- CVE-2016-2176 - Remote Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2105
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2106
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2107
3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-2108
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-2109
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-2176
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 10500 (Comware 7) - Version: R7184
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5900/5920 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR1000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR2000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR3000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR4000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- VSR (Comware 7) - Version: E0324
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7900 (Comware 7) - Version: R2152
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130 (Comware 7) - Version: R3115
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6125XLG - Version: R2422P02
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6127XLG - Version: R2422P02
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- Moonshot - Version: R2432
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 1950 (Comware 7) - Version: R3115
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7500 (Comware 7) - Version: R7184
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5510HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5940 - Version: R2509
- HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5950 - Version: R6123
- HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
- JH404A HPE FlexFabric 5950 4-slot Switch
- 12900E (Comware 7) - Version: R2609
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
iMC Products
- iNode PC 7.2 (E0410) - Version: 7.2 E0410
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
- iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
VCX Products
- VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 2 June 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. (CVE-2016-5387)
-
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2016-3110)
-
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. Corrected: 2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE) 2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2) 2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16) 2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33) 2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE) 2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41) CVE Name: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected.
III.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
Restart all daemons that use the library, or reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
Restart all daemons that use the library, or reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.x]
fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch
fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc
gpg --verify openssl-10.patch.asc
[FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc
fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc
gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all daemons that use the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/9/ r299053 releng/9.3/ r299068 stable/10/ r298999 releng/10.1/ r299068 releng/10.2/ r299067 releng/10.3/ r299066
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: 033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz 9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: e5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz 2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz 59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz bf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz
Slackware -current packages: 4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz 8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz
Slackware x86_64 -current packages: b4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz bcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Then, reboot the machine or restart any network services that use OpenSSL.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 6) - i386, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108)
-
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195)
-
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0722-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html Issue date: 2016-05-09 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. (CVE-2016-2105, CVE-2016-2106)
-
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-0799, CVE-2016-2842)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. (CVE-2016-2109)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.5.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-devel-1.0.1e-51.el7_2.5.s390.rpm openssl-devel-1.0.1e-51.el7_2.5.s390x.rpm openssl-libs-1.0.1e-51.el7_2.5.s390.rpm openssl-libs-1.0.1e-51.el7_2.5.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-static-1.0.1e-51.el7_2.5.ppc.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-perl-1.0.1e-51.el7_2.5.s390x.rpm openssl-static-1.0.1e-51.el7_2.5.s390.rpm openssl-static-1.0.1e-51.el7_2.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5 WjaK8x9OaI0FgbWyfxvwq6o= =jHjh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce.
The References section of this erratum contains a download link (you must log in to download the update). OpenSSL Security Advisory [3rd May 2016] ========================================
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Severity: High
This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time.
In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore, an attacker cannot trigger this bug.
However, a second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures.
Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations.
Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. Specifically, since OpenSSL's default TLS X509 chain verification code verifies the certificate chain from root to leaf, TLS handshakes could only be targeted with valid certificates issued by trusted Certification Authorities.
OpenSSL 1.0.2 users should upgrade to 1.0.2c OpenSSL 1.0.1 users should upgrade to 1.0.1o
This vulnerability is a combination of two bugs, neither of which individually has security impact. The first bug (mishandling of negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala (Red Hat) and independently by Hanno Böck in April 2015. The second issue (mishandling of large universal tags) was found using libFuzzer, and reported on the public issue tracker on March 1st 2016. The fact that these two issues combined present a security vulnerability was reported by David Benjamin (Google) on March 31st 2016. The fixes were developed by Steve Henson of the OpenSSL development team, and David Benjamin. The OpenSSL team would also like to thank Mark Brand and Ian Beer from the Google Project Zero team for their careful analysis of the impact.
The fix for the "negative zero" memory corruption bug can be identified by commits
3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2) and 32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)
Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
Severity: High
A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI.
This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 13th of April 2016 by Juraj Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx of the OpenSSL development team.
EVP_EncodeUpdate overflow (CVE-2016-2105)
Severity: Low
An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data.
Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the PEM_write_bio family of functions. These are mainly used within the OpenSSL command line applications. These internal uses are not considered vulnerable because all calls are bounded with length checks so no overflow is possible. User applications that call these APIs directly with large amounts of untrusted data may be vulnerable. (Note: Initial analysis suggested that the PEM_write_bio were vulnerable, and this is reflected in the patch commit message. This is no longer believed to be the case).
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
EVP_EncryptUpdate overflow (CVE-2016-2106)
Severity: Low
An overflow can occur in the EVP_EncryptUpdate() function. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate() function all usage is one of two forms. The first form is where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, it is believed that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances of these calls have also been analysed too and it is believed there are no instances in internal usage where an overflow could occur.
This could still represent a security issue for end user code that calls this function directly.
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
ASN.1 BIO excessive memory allocation (CVE-2016-2109)
Severity: Low
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.
Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are not affected. Since the memory based functions are used by the TLS library, TLS applications are not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. The fix was developed by Stephen Henson of the OpenSSL development team.
EBCDIC overread (CVE-2016-2176)
Severity: Low
ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160503.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux hpc node eus",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2d"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2e"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1s"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2f"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2c"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2g"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "registered envelope service",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "paging server",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.5.1"
},
{
"model": "nexus series switches 5.2 sv3",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "1000v"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "spa51x series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "network health framework",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "spa232d multi-line dect ata",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.2.1"
},
{
"model": "unified series ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "780011.5.2"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.0"
},
{
"model": "clean access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "lancope stealthwatch flowcollector netflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(3.10000.9)"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6(3)"
},
{
"model": "10.2-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.3"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence server mr2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.2"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.40"
},
{
"model": "emergency responder",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "video distribution suite for internet streaming",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3.2"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "tivoli netcool system service monitor fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "lancope stealthwatch udp director",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.2"
},
{
"model": "nexus series blade switches 0.9.8zf",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4000"
},
{
"model": "telepresence isdn link",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1.6"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "project openssl 1.0.2g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.1"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "telepresence sx series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.7"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5.1.6"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.51"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5.1.131"
},
{
"model": "unified workforce optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "lancope stealthwatch flowcollector netflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.1"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mediasense 9.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "abyp-4tl-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "cognos business intelligence interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.119"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1209"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
},
{
"model": "aspera shares",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9.6"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.0.0"
},
{
"model": "10.1-release-p26",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "enterprise content delivery system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.6.8"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.2"
},
{
"model": "prime collaboration assurance sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "tivoli netcool system service monitors fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(1)"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.16"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "intelligent automation for cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jabber guest",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3361"
},
{
"model": "10.1-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "unified ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "69010"
},
{
"model": "prime security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.4.3"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.13-34"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "im and presence service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "ata analog telephone adaptor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1879.2.5"
},
{
"model": "tivoli netcool system service monitors fp15",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "jabber guest",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5(2)"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.0.1"
},
{
"model": "cloud manager with openstack interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.3"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ucs central 1.5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime collaboration deployment",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "series ip phones vpn feature",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8800-11.5.2"
},
{
"model": "mobile foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3394"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.2"
},
{
"model": "visual quality experience server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "project openssl 1.0.1t",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "anyconnect secure mobility client for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "10.1-release-p28",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "agent for openflow",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.4.0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.1"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.0"
},
{
"model": "webex recording playback client",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa next-generation firewall services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.3-release-p38",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10.1"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "9.3-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"model": "mds series multilayer switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90008.3"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.16-37"
},
{
"model": "10.2-release-p13",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "nexus series switches 7.3.1nx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "opensuse evergreen",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "prime infrastructure standalone plug and play gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "spa50x series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex meetings for blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli netcool system service monitors interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.014-01"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.3"
},
{
"model": "lancope stealthwatch flowcollector sflow",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "media experience engines",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.4"
},
{
"model": "telepresence integrator c series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.7"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5"
},
{
"model": "anyconnect secure mobility client",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87100"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4-23"
},
{
"model": "10.2-release-p14",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.1-release-p17",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.25-57"
},
{
"model": "sterling connect:express for unix ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6.1146-109"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.18-43"
},
{
"model": "cloud manager with openstack interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.5"
},
{
"model": "workload deployer if12",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.7"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nexus intercloud",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000v0"
},
{
"model": "media experience engines",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "ips",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.4.2"
},
{
"model": "unified workforce optimization quality management sr3 es5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "meetingplace",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.7"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.1"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.2"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.913"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime access registrar",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1.7"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "webex messenger service ep1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.9.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "mediasense",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5.1"
},
{
"model": "unified ip phone 9.4.2sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8961"
},
{
"model": "10.2-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "unified wireless ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "10.1-release-p27",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "spa122 ata with router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4.5"
},
{
"model": "media experience engines",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "webex meeting center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.9.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "lancope stealthwatch flowcollector netflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.2"
},
{
"model": "webex node for mcs",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.12.9.8"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2.8"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.0"
},
{
"model": "10.2-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "cloud manager with openstack interix fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.3"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "virtual security gateway for microsoft hyper-v",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital media players series 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.11-28"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.31"
},
{
"model": "mysql workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.5"
},
{
"model": "prime optical for sps",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pureapplication system",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1"
},
{
"model": "abyp-2t-1s-1l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "mds series multilayer switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90006.2.17"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.19"
},
{
"model": "project openssl 1.0.1r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "anyconnect secure mobility client for linux",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.3"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.0"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "aspera console",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.1"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5.0.997"
},
{
"model": "anyconnect secure mobility client for os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "x4.3"
},
{
"model": "unified ip phone series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79000"
},
{
"model": "anyconnect secure mobility client for android",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "lancope stealthwatch flowsensor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "connected analytics for collaboration 1.0.1q",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "jabber guest",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "abyp-2t-1s-1l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "lancope stealthwatch flowcollector sflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.7.3"
},
{
"model": "mmp server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.19"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.30.0-13"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "abyp-10g-2sr-2lr-1-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "tivoli provisioning manager for images build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.20280.6"
},
{
"model": "computer telephony integration object server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.51"
},
{
"model": "unified communications for microsoft lync",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6.7"
},
{
"model": "prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.4.2-4"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"model": "ons series multiservice provisioning platforms",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1545410.6.1"
},
{
"model": "telepresence isdn link",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.4"
},
{
"model": "packet tracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "openssh for gpfs for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.0.31"
},
{
"model": "agent for openflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.7"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud manager with openstack interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.5"
},
{
"model": "cognos business intelligence interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.117"
},
{
"model": "unified contact center enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.51"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3)"
},
{
"model": "globalprotect agent",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "3.1.0"
},
{
"model": "webex meetings for wp8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "abyp-2t-2s-0l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "webex meetings for android",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "mds series multilayer switches 7.3.1nx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
},
{
"model": "mds series multilayer switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "ios software and cisco ios xe software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "16.3.1"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "webex meeting center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.9.0.5"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.15-36"
},
{
"model": "ace application control engine module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "300"
},
{
"model": "lancope stealthwatch flowsensor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.7.3"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "tivoli provisioning manager for os deployment build",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1051.08"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.10"
},
{
"model": "enterprise content delivery system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(1)"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vm virtualbox",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.22"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "mobile foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.0"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex meetings client hosted t31r1sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cloud manager with openstack interim fix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "9.3-release-p35",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance series ip cameras",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60002.8"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3x000"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "packet tracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "unified sip proxy",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9.3"
},
{
"model": "abyp-0t-4s-0l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "10.2-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "spa50x series ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.5"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "abyp-4ts-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "ata series analog terminal adaptor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1901.3"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "digital media players series 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "virtualization experience media engine",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5.1"
},
{
"model": "abyp-10g-4lr-1-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3200"
},
{
"model": "abyp-10g-4lr-1-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.8"
},
{
"model": "9.3-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6"
},
{
"model": "unified communications for microsoft lync",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "spa122 ata with router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "10.1-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "tivoli composite application manager for transactions if03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.0.1"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.4"
},
{
"model": "identity services engine",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.1"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "tivoli provisioning manager for os deployment build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.151.05"
},
{
"model": "10.1-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "webex meetings server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.7"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(2.10000.5)"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.0"
},
{
"model": "telepresence mx series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.7"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "telepresence server on multiparty media",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.4"
},
{
"model": "lancope stealthwatch flowcollector sflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8"
},
{
"model": "qradar siem/qrif/qrm/qvm patch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.71"
},
{
"model": "digital media players series 5.3 rb",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1768"
},
{
"model": "telepresence profile series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.7"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.41"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "openssh for gpfs for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "abyp-0t-0s-4l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches 7.3.1nx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7000"
},
{
"model": "jabber for android mr",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.6"
},
{
"model": "project openssl 1.0.2a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "abyp-4t-0s-0l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "project openssl 1.0.2f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.5"
},
{
"model": "connected grid router-cgos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2919"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "lancope stealthwatch smc",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "telepresence server on virtual machine mr2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "anyconnect secure mobility client",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "unified ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "69450"
},
{
"model": "nexus series switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60008.3"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.30.2-9"
},
{
"model": "abyp-0t-2s-2l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "nexus series switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "70008.3"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.2"
},
{
"model": "webex meetings server ssl gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "sterling connect:express for unix ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6.1146-110"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "messagesight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "prime network services controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "lancope stealthwatch flowcollector sflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.1"
},
{
"model": "ironport email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.3-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.12"
},
{
"model": "sterling connect:express for unix ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6.1146-113"
},
{
"model": "lancope stealthwatch flowsensor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "spa30x series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.30-12"
},
{
"model": "webex meetings client on premises",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.3"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.19"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70100"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.3(1)"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital media manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "bm security identity governance and intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.12"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.7"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5(.1.131)"
},
{
"model": "project openssl 1.0.2d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "10.3"
},
{
"model": "prime access registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(1)"
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "algo audit and compliance if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.32"
},
{
"model": "spa525g",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud manager with openstack interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.4"
},
{
"model": "lancope stealthwatch flowsensor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.1"
},
{
"model": "9.3-release-p25",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "abyp-0t-2s-2l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified ip phone 9.4.2sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9971"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.29-9"
},
{
"model": "series ip phones vpn feature",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8800-0"
},
{
"model": "nexus series switches 7.3.1dx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "abyp-2t-0s-2l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "spa112 2-port phone adapter",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4.5"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.6"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3387"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.1.1"
},
{
"model": "telepresence server mr2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.2"
},
{
"model": "webex messenger service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.20"
},
{
"model": "abyp-10g-4sr-1-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "media experience engines",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "10.3-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.4"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "connected grid router 15.6.2.15t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "video distribution suite for internet streaming",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital media players series 5.4 rb",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "telepresence server on multiparty media mr2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"model": "cloupia unified infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5:20"
},
{
"model": "jabber for mac",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.7"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "agent desktop for cisco unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "telepresence server on multiparty media mr2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.2"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nexus series switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "70006.2.17"
},
{
"model": "digital media players series 5.3 rb",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "project openssl 1.0.1n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "lancope stealthwatch smc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.7.3"
},
{
"model": "packet tracer",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0"
},
{
"model": "network analysis module",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.1"
},
{
"model": "project openssl 1.0.1o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "unified wireless ip phone",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5.1"
},
{
"model": "anyconnect secure mobility client for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "security access manager for web",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.4"
},
{
"model": "virtual security gateway vsg2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.17"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "10.1"
},
{
"model": "policy suite",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "webex meetings client on premises",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "-2.7"
},
{
"model": "10.2-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "spa51x series ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.5"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "unified ip conference phone for third-party call control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "unified intelligence center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5.1"
},
{
"model": "telepresence server on virtual machine",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.0.0"
},
{
"model": "common services platform collector",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.9.1"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.7"
},
{
"model": "project openssl 1.0.2e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(3.10000.9)"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "project openssl 1.0.1q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "dcm series 9900-digital content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.3"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.16"
},
{
"model": "digital media manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.0"
},
{
"model": "tivoli provisioning manager for os deployment intirim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.133"
},
{
"model": "telepresence sx series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.2"
},
{
"model": "lancope stealthwatch flowcollector sflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.2"
},
{
"model": "anyconnect secure mobility client for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "webex meetings client hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "webex meetings for wp8",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "sterling connect:express for unix ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6.1146-108"
},
{
"model": "sterling connect:express for unix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.13"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2.1)"
},
{
"model": "webex meetings for wp8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.6.1"
},
{
"model": "physical access control gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "wide area application services",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.5.7"
},
{
"model": "9.3-release-p24",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "webex messenger service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "10.1-release-p19",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mmp server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.10"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "prime ip express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "application and content networking system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.5.41"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "mysql workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.4"
},
{
"model": "10.1-release-p30",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-release-p13",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.2.1"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "intelligent automation for cloud",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "0.9.8"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "edge digital media player 1.6rb4 5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "300"
},
{
"model": "mds series multilayer switches 7.3.1dx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "99510"
},
{
"model": "abyp-10g-4sr-1-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "9.3-release-p36",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.6"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "89450"
},
{
"model": "digital media manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1"
},
{
"model": "tivoli provisioning manager for os deployment build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.20280.6"
},
{
"model": "lancope stealthwatch flowsensor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.2"
},
{
"model": "video surveillance series ip cameras",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30002.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "partner supporting service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.11"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mobility services engine",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "edge digital media player",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3401.2.0.20"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "abyp-0t-4s-0l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "spa30x series ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.5"
},
{
"model": "unified series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "78000"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "digital media players series 5.4 rb",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "10.2-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "security access manager for web",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.0"
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "standalone rack server cimc",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0.0"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "spa112 2-port phone adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.12.2"
},
{
"model": "intracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "lancope stealthwatch smc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8"
},
{
"model": "jabber for apple ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.6.2"
},
{
"model": "video surveillance series high-definition ip cameras",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "40002.4.7"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "9.3-release-p33",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "tivoli provisioning manager for os deployment build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1051.07"
},
{
"model": "mq appliance m2001",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ironport email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "10.2"
},
{
"model": "anyconnect secure mobility client for linux",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.112"
},
{
"model": "spa525g",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.5"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.3"
},
{
"model": "mmp server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.9.0.5"
},
{
"model": "9.3-release-p41",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "tivoli netcool system service monitors fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "telepresence integrator c series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.2"
},
{
"model": "lancope stealthwatch udp director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud object store",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.8"
},
{
"model": "anyconnect secure mobility client for android",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "cognos business intelligence fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.12"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.4"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "10.1-release-p25",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5.1.5"
},
{
"model": "registered envelope service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "lancope stealthwatch smc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.1"
},
{
"model": "tivoli netcool system service monitors fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "tivoli netcool system service monitor fp14",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "99710"
},
{
"model": "telepresence content server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5(4)"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence server on multiparty media",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.4"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.4"
},
{
"model": "security guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "anyconnect secure mobility client for linux",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "mq appliance m2000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ata analog telephone adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1870"
},
{
"model": "asa cx and prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "universal small cell series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "50003.5.12.21"
},
{
"model": "project openssl 1.0.1m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "anyconnect secure mobility client for android",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(1)"
},
{
"model": "nexus series switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "50007.3.1"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5(3)"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "10.1-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.0"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "unified ip phone 9.4.2sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8945"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.18-49"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(1.10000.12)"
},
{
"model": "telepresence ex series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.2"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000v0"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.3"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "10.3-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.13-41"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "show and share",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network admission control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified communications for microsoft lync",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.6"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.4"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "universal small cell series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70003.4.2.0"
},
{
"model": "10.1-release-p33",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "nexus series switches 7.3.1dx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "telepresence conductor",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "abyp-0t-0s-4l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "unified attendant console standard",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.115"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.0.0"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.1"
},
{
"model": "jazz reporting service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "connected grid routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.13"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5(.1.6)"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified workforce optimization sr3 es5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "unified communications manager 10.5 su3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "jazz reporting service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9.4"
},
{
"model": "abyp-2t-2s-0l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "abyp-4tl-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "nac server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "lancope stealthwatch udp director",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.7.3"
},
{
"model": "application policy infrastructure controller",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0(0.400)"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3381"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9-34"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.3"
},
{
"model": "abyp-4ts-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43000"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.11"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3100"
},
{
"model": "9.3-release-p31",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "security proventia network active bypass 0343c3c",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "cloud manager with openstack interim fix1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "unified ip phones 9.3 sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6901"
},
{
"model": "digital media manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.6"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0(0.98000.225)"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "prime performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.4"
},
{
"model": "unity connection",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "telepresence video communication server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8"
},
{
"model": "lancope stealthwatch flowcollector netflow",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "lancope stealthwatch smc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.2"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(1.98991.13)"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "abyp-10g-2sr-2lr-1-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "prime optical for sps",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "telepresence server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.4"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.0.0"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.4"
},
{
"model": "nexus series switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "50008.3"
},
{
"model": "10.1-release-p31",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "tivoli netcool system service monitors interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.12-04"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2.1"
},
{
"model": "netflow generation appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pureapplication system",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2.3"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9.2"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex meetings server ssl gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "-2.7"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.6"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.5"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(1.10000.5)"
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.6"
},
{
"model": "tivoli composite application manager for transactions if37",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.6"
},
{
"model": "tivoli network manager ip edition fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.94"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "commerce experience manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "prime license manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3376"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "messagesight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.18-42"
},
{
"model": "video surveillance series ip cameras",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "70002.8"
},
{
"model": "expressway series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8"
},
{
"model": "abyp-4t-0s-0l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "virtual security gateway for microsoft hyper-v vsg2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "connected grid router cgos 15.6.2.15t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "wide area application services",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "9.3-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "tivoli netcool system service monitors interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.12-01"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "nexus series switches 7.3.1nx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "application and content networking system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mmp server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.9.1"
},
{
"model": "project openssl 1.0.1k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "9.3-release-p39",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sterling connect:express for unix ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6.1146-114"
},
{
"model": "telepresence mx series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.2"
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.5"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "spa232d multi-line dect ata",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4.5"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "tivoli provisioning manager for images build",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.20290.1"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "telepresence profile series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.2"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"model": "anyconnect secure mobility client for os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "x4.2"
},
{
"model": "tivoli netcool system service monitors interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.014-08"
},
{
"model": "lancope stealthwatch udp director",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8"
},
{
"model": "universal small cell series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "70003.5.12.21"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jabber for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "globalprotect agent",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "3.1.1"
},
{
"model": "dcm series 9900-digital content manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "19.0"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.2.0"
},
{
"model": "10.3-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "security access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1876"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "10.3-release-p2",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "unified ip phone 9.4.2sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9951"
},
{
"model": "local collector appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.12"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "websphere cast iron cloud integration",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.32"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.0"
},
{
"model": "content security appliance updater servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "10.1-release-p29",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "connected analytics for collaboration",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "multicast manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "10.1-release-p23",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "lancope stealthwatch flowcollector netflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.7.3"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "telepresence ex series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.7"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016"
},
{
"model": "10.1-release-p16",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "jazz reporting service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "nexus series switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "50006.2.17"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.30.4-12"
},
{
"model": "webex node for mcs",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "emergency responder 10.5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "qradar siem mr2 patch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.113"
},
{
"model": "unified communications manager session management edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nexus",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "900012.0"
},
{
"model": "lancope stealthwatch udp director",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.8.1"
},
{
"model": "9.3-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "virtualization experience media engine",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.7(0)"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "9.3-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.3"
},
{
"model": "project openssl 1.0.2c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual security gateway for microsoft hyper-v",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "services analytic platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jabber for apple ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.7"
},
{
"model": "unified ip phone series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79009.4(2)"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "89610"
},
{
"model": "nexus series switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.2.17"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.12"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.2"
},
{
"model": "unified series ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "video surveillance media server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.9"
},
{
"model": "unified communications manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "agent for openflow",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1.5"
},
{
"model": "10.2-release-p16",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "project openssl 1.0.2h",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "virtual security gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3379"
},
{
"model": "policy suite",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "project openssl 1.0.2b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager session management edition",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "videoscape control suite",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "prime access registrar",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"model": "anyres live",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.5"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "9.3-release-p34",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(1)"
},
{
"model": "tivoli provisioning manager for images system edition build",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.20290.1"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.10"
},
{
"model": "jabber software development kit",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.7"
},
{
"model": "unified contact center express",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "webex meetings server mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5.99.2"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "jazz reporting service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "abyp-2t-0s-2l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "visual quality experience tools server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud manager with openstack interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.3"
},
{
"model": "prime access registrar",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "nexus series switches 7.3.1dx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7000"
},
{
"model": "asa cx and cisco prime security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.4.3"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "project openssl 1.0.1l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "9.3-release-p29",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.2"
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "tivoli provisioning manager for images system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.0"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "anyconnect secure mobility client for os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "x4.0"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(2.13900.9)"
},
{
"model": "ip interoperability and collaboration system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(0.98000.88)"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.1"
},
{
"model": "project openssl 1.0.1p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "89744"
},
{
"db": "NVD",
"id": "CVE-2016-2106"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "138471"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "136958"
},
{
"db": "PACKETSTORM",
"id": "139115"
},
{
"db": "PACKETSTORM",
"id": "136937"
},
{
"db": "PACKETSTORM",
"id": "139167"
},
{
"db": "PACKETSTORM",
"id": "139116"
}
],
"trust": 0.7
},
"cve": "CVE-2016-2106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2106",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2106",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2106",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-2106",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-2106"
},
{
"db": "NVD",
"id": "CVE-2016-2106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. OpenSSL is prone to an integer-overflow vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2h are vulnerable. \nOpenSSL versions 1.0.1 prior to 1.0.1t are vulnerable. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n - CVE-2016-2105 - Remote Denial of Service (DoS)\n - CVE-2016-2106 - Remote Denial of Service (DoS)\n - CVE-2016-2107 - Remote disclosure of sensitive information\n - CVE-2016-2108 - Remote Denial of Service (DoS)\n - CVE-2016-2109 - Remote Denial of Service (DoS)\n - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2105\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2106\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2107\n 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n CVE-2016-2108\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-2109\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-2176\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n + 12500 (Comware 7) - Version: R7377P02\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 10500 (Comware 7) - Version: R7184\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5900/5920 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR1000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR2000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR3000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR4000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + VSR (Comware 7) - Version: E0324\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7900 (Comware 7) - Version: R2152\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130 (Comware 7) - Version: R3115\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6125XLG - Version: R2422P02\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6127XLG - Version: R2422P02\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + Moonshot - Version: R2432\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5700 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5930 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 1950 (Comware 7) - Version: R3115\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7500 (Comware 7) - Version: R7184\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5510HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5940 - Version: R2509\n * HP Network Products\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5950 - Version: R6123\n * HP Network Products\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n - JH404A HPE FlexFabric 5950 4-slot Switch\n + 12900E (Comware 7) - Version: R2609\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**iMC Products**\n\n + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**VCX Products**\n\n + VCX - Version: 9.8.19\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n(CVE-2016-5387)\n\n* It was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2016-3110)\n\n* It was found that OpenSSL\u0027s BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. \nCorrected: 2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE)\n 2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2)\n 2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16)\n 2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33)\n 2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE)\n 2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41)\nCVE Name: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109,\n CVE-2016-2176\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2016-2176]\nFreeBSD does not run on any EBCDIC systems and therefore is not affected. \n\nIII. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart all daemons that use the library, or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart all daemons that use the library, or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.x]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all daemons that use the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/9/ r299053\nreleng/9.3/ r299068\nstable/10/ r298999\nreleng/10.1/ r299068\nreleng/10.2/ r299067\nreleng/10.3/ r299066\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz\n9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz\n2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz\n59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz\nbf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz\n8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz\n\nSlackware x86_64 -current packages:\nb4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz\nbcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz \n\nThen, reboot the machine or restart any network services that use OpenSSL. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. 6) - i386, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:0722-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html\nIssue date: 2016-05-09\nCVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5\nWjaK8x9OaI0FgbWyfxvwq6o=\n=jHjh\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). OpenSSL Security Advisory [3rd May 2016]\n========================================\n\nMemory corruption in the ASN.1 encoder (CVE-2016-2108)\n======================================================\n\nSeverity: High\n\nThis issue affected versions of OpenSSL prior to April 2015. The bug\ncausing the vulnerability was fixed on April 18th 2015, and released\nas part of the June 11th 2015 security releases. The security impact\nof the bug was not known at the time. \n\nIn previous versions of OpenSSL, ASN.1 encoding the value zero\nrepresented as a negative integer can cause a buffer underflow\nwith an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does\nnot normally create \"negative zeroes\" when parsing ASN.1 input, and\ntherefore, an attacker cannot trigger this bug. \n\nHowever, a second, independent bug revealed that the ASN.1 parser\n(specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag\nas a negative zero value. Large universal tags are not present in any\ncommon ASN.1 structures (such as X509) but are accepted as part of ANY\nstructures. \n\nTherefore, if an application deserializes untrusted ASN.1 structures\ncontaining an ANY field, and later reserializes them, an attacker may\nbe able to trigger an out-of-bounds write. This has been shown to\ncause memory corruption that is potentially exploitable with some\nmalloc implementations. \n\nApplications that parse and re-encode X509 certificates are known to\nbe vulnerable. Applications that verify RSA signatures on X509\ncertificates may also be vulnerable; however, only certificates with\nvalid signatures trigger ASN.1 re-encoding and hence the\nbug. Specifically, since OpenSSL\u0027s default TLS X509 chain verification\ncode verifies the certificate chain from root to leaf, TLS handshakes\ncould only be targeted with valid certificates issued by trusted\nCertification Authorities. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2c\nOpenSSL 1.0.1 users should upgrade to 1.0.1o\n\nThis vulnerability is a combination of two bugs, neither of which\nindividually has security impact. The first bug (mishandling of\nnegative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala\n(Red Hat) and independently by Hanno B\u00f6ck in April 2015. The second\nissue (mishandling of large universal tags) was found using libFuzzer,\nand reported on the public issue tracker on March 1st 2016. The fact\nthat these two issues combined present a security vulnerability was\nreported by David Benjamin (Google) on March 31st 2016. The fixes were\ndeveloped by Steve Henson of the OpenSSL development team, and David\nBenjamin. The OpenSSL team would also like to thank Mark Brand and\nIan Beer from the Google Project Zero team for their careful analysis\nof the impact. \n\nThe fix for the \"negative zero\" memory corruption bug can be\nidentified by commits\n\n3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2)\nand\n32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)\n\nPadding oracle in AES-NI CBC MAC check (CVE-2016-2107)\n======================================================\n\nSeverity: High\n\nA MITM attacker can use a padding oracle attack to decrypt traffic\nwhen the connection uses an AES CBC cipher and the server support\nAES-NI. \n\nThis issue was introduced as part of the fix for Lucky 13 padding\nattack (CVE-2013-0169). The padding check was rewritten to be in\nconstant time by making sure that always the same bytes are read and\ncompared against either the MAC or padding bytes. But it no longer\nchecked that there was enough data to have both the MAC and padding\nbytes. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 13th of April 2016 by Juraj\nSomorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx\nof the OpenSSL development team. \n\nEVP_EncodeUpdate overflow (CVE-2016-2105)\n=========================================\n\nSeverity: Low\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used for\nBase64 encoding of binary data. \n\nInternally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the\nPEM_write_bio* family of functions. These are mainly used within the OpenSSL\ncommand line applications. These internal uses are not considered vulnerable\nbecause all calls are bounded with length checks so no overflow is possible. \nUser applications that call these APIs directly with large amounts of untrusted\ndata may be vulnerable. (Note: Initial analysis suggested that the\nPEM_write_bio* were vulnerable, and this is reflected in the patch commit\nmessage. This is no longer believed to be the case). \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nEVP_EncryptUpdate overflow (CVE-2016-2106)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in the EVP_EncryptUpdate() function. Following an analysis of all OpenSSL internal\nusage of the EVP_EncryptUpdate() function all usage is one of two forms. \nThe first form is where the EVP_EncryptUpdate() call is known to be the first\ncalled function after an EVP_EncryptInit(), and therefore that specific call\nmust be safe. The second form is where the length passed to EVP_EncryptUpdate()\ncan be seen from the code to be some small value and therefore there is no\npossibility of an overflow. Since all instances are one of these two forms, it\nis believed that there can be no overflows in internal code due to this problem. \nIt should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in\ncertain code paths. Also EVP_CipherUpdate() is a synonym for\nEVP_EncryptUpdate(). All instances of these calls have also been analysed too\nand it is believed there are no instances in internal usage where an overflow\ncould occur. \n\nThis could still represent a security issue for end user code that calls this\nfunction directly. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nASN.1 BIO excessive memory allocation (CVE-2016-2109)\n=====================================================\n\nSeverity: Low\n\nWhen ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()\na short invalid encoding can casuse allocation of large amounts of memory\npotentially consuming excessive resources or exhausting memory. \n\nAny application parsing untrusted data through d2i BIO functions is affected. \nThe memory based functions such as d2i_X509() are *not* affected. Since the\nmemory based functions are used by the TLS library, TLS applications are not\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. \nThe fix was developed by Stephen Henson of the OpenSSL development team. \n\nEBCDIC overread (CVE-2016-2176)\n===============================\n\nSeverity: Low\n\nASN1 Strings that are over 1024 bytes can cause an overread in applications\nusing the X509_NAME_oneline() function on EBCDIC systems. This could result in\narbitrary stack data being returned in the buffer. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160503.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2106"
},
{
"db": "BID",
"id": "89744"
},
{
"db": "VULMON",
"id": "CVE-2016-2106"
},
{
"db": "PACKETSTORM",
"id": "138471"
},
{
"db": "PACKETSTORM",
"id": "142803"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "136919"
},
{
"db": "PACKETSTORM",
"id": "136912"
},
{
"db": "PACKETSTORM",
"id": "136958"
},
{
"db": "PACKETSTORM",
"id": "139115"
},
{
"db": "PACKETSTORM",
"id": "136937"
},
{
"db": "PACKETSTORM",
"id": "143513"
},
{
"db": "PACKETSTORM",
"id": "139167"
},
{
"db": "PACKETSTORM",
"id": "139116"
},
{
"db": "PACKETSTORM",
"id": "169652"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2106",
"trust": 2.6
},
{
"db": "BID",
"id": "89744",
"trust": 1.4
},
{
"db": "PACKETSTORM",
"id": "136912",
"trust": 1.2
},
{
"db": "PULSESECURE",
"id": "SA40202",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2016-18",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1035721",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10160",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10759",
"trust": 1.1
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-349-21",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-2106",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138471",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142803",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138473",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136919",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136958",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139115",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136937",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139167",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139116",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169652",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-2106"
},
{
"db": "BID",
"id": "89744"
},
{
"db": "PACKETSTORM",
"id": "138471"
},
{
"db": "PACKETSTORM",
"id": "142803"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "136919"
},
{
"db": "PACKETSTORM",
"id": "136912"
},
{
"db": "PACKETSTORM",
"id": "136958"
},
{
"db": "PACKETSTORM",
"id": "139115"
},
{
"db": "PACKETSTORM",
"id": "136937"
},
{
"db": "PACKETSTORM",
"id": "143513"
},
{
"db": "PACKETSTORM",
"id": "139167"
},
{
"db": "PACKETSTORM",
"id": "139116"
},
{
"db": "PACKETSTORM",
"id": "169652"
},
{
"db": "NVD",
"id": "CVE-2016-2106"
}
]
},
"id": "VAR-201605-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44512340857142857
},
"last_update_date": "2024-09-18T22:27:12.251000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162073 - Security Advisory"
},
{
"title": "Red Hat: CVE-2016-2106",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-2106"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2959-1"
},
{
"title": "Debian Security Advisories: DSA-3566-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0"
},
{
"title": "Amazon Linux AMI: ALAS-2016-695",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-695"
},
{
"title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-10"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162957 - Security Advisory"
},
{
"title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
},
{
"title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-13"
},
{
"title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc"
},
{
"title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-18"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-2106 "
},
{
"title": "alpine-cvecheck",
"trust": 0.1,
"url": "https://github.com/tomwillfixit/alpine-cvecheck "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
},
{
"title": "satellite-host-cve",
"trust": 0.1,
"url": "https://github.com/RedHatSatellite/satellite-host-cve "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-2106"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1648.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht206903"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1649.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/89744"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"trust": 1.1,
"url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2959-1"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"trust": 1.1,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035721"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"trust": 1.1,
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3f3582139fbb259a1c3cbb0a25236500a409bf26"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2016-2106"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2016-2105"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-2109"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-2108"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-3110"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331536"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2016/may/25"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/hc/en-us/articles/229505687-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-2-or-earlier-%20-ibm-aspera-console-3-0-6-or-earlier"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-2107"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-2842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-0799"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5387"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/documentation/"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.2,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/2688611"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/solutions/222023"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-4459"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-3195"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-3183"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/189.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2016:2073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2959-1/"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.1"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176\u003e"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv/20160503.txt\u003e"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-16:17.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch.asc"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2108"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-2055.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us"
},
{
"trust": 0.1,
"url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/secpolicy.html"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/releasestrat.html),"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-2106"
},
{
"db": "BID",
"id": "89744"
},
{
"db": "PACKETSTORM",
"id": "138471"
},
{
"db": "PACKETSTORM",
"id": "142803"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "136919"
},
{
"db": "PACKETSTORM",
"id": "136912"
},
{
"db": "PACKETSTORM",
"id": "136958"
},
{
"db": "PACKETSTORM",
"id": "139115"
},
{
"db": "PACKETSTORM",
"id": "136937"
},
{
"db": "PACKETSTORM",
"id": "143513"
},
{
"db": "PACKETSTORM",
"id": "139167"
},
{
"db": "PACKETSTORM",
"id": "139116"
},
{
"db": "PACKETSTORM",
"id": "169652"
},
{
"db": "NVD",
"id": "CVE-2016-2106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-2106"
},
{
"db": "BID",
"id": "89744"
},
{
"db": "PACKETSTORM",
"id": "138471"
},
{
"db": "PACKETSTORM",
"id": "142803"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "136919"
},
{
"db": "PACKETSTORM",
"id": "136912"
},
{
"db": "PACKETSTORM",
"id": "136958"
},
{
"db": "PACKETSTORM",
"id": "139115"
},
{
"db": "PACKETSTORM",
"id": "136937"
},
{
"db": "PACKETSTORM",
"id": "143513"
},
{
"db": "PACKETSTORM",
"id": "139167"
},
{
"db": "PACKETSTORM",
"id": "139116"
},
{
"db": "PACKETSTORM",
"id": "169652"
},
{
"db": "NVD",
"id": "CVE-2016-2106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2106"
},
{
"date": "2016-05-03T00:00:00",
"db": "BID",
"id": "89744"
},
{
"date": "2016-08-22T23:23:00",
"db": "PACKETSTORM",
"id": "138471"
},
{
"date": "2017-06-05T18:18:00",
"db": "PACKETSTORM",
"id": "142803"
},
{
"date": "2016-08-22T23:25:00",
"db": "PACKETSTORM",
"id": "138473"
},
{
"date": "2016-05-05T16:11:49",
"db": "PACKETSTORM",
"id": "136919"
},
{
"date": "2016-05-04T14:53:10",
"db": "PACKETSTORM",
"id": "136912"
},
{
"date": "2016-05-10T17:01:56",
"db": "PACKETSTORM",
"id": "136958"
},
{
"date": "2016-10-12T20:28:07",
"db": "PACKETSTORM",
"id": "139115"
},
{
"date": "2016-05-09T14:05:44",
"db": "PACKETSTORM",
"id": "136937"
},
{
"date": "2017-07-26T17:44:00",
"db": "PACKETSTORM",
"id": "143513"
},
{
"date": "2016-10-18T13:58:46",
"db": "PACKETSTORM",
"id": "139167"
},
{
"date": "2016-10-12T23:44:55",
"db": "PACKETSTORM",
"id": "139116"
},
{
"date": "2016-05-03T12:12:12",
"db": "PACKETSTORM",
"id": "169652"
},
{
"date": "2016-05-05T01:59:02.217000",
"db": "NVD",
"id": "CVE-2016-2106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2106"
},
{
"date": "2017-05-02T01:10:00",
"db": "BID",
"id": "89744"
},
{
"date": "2023-11-07T02:30:55.767000",
"db": "NVD",
"id": "CVE-2016-2106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "89744"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL CVE-2016-2106 Integer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "89744"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "89744"
}
],
"trust": 0.3
}
}
var-201607-0656
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Console Redirection' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0656",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-813"
},
{
"db": "NVD",
"id": "CVE-2016-5449"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91986"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5449",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5449",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-94268",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5449",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5449",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5449",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-813",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94268",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-5449",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94268"
},
{
"db": "VULMON",
"id": "CVE-2016-5449"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-813"
},
{
"db": "NVD",
"id": "CVE-2016-5449"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Console Redirection\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5449"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91986"
},
{
"db": "VULHUB",
"id": "VHN-94268"
},
{
"db": "VULMON",
"id": "CVE-2016-5449"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5449",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "91986",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003877",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-813",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94268",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5449",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94268"
},
{
"db": "VULMON",
"id": "CVE-2016-5449"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-813"
},
{
"db": "NVD",
"id": "CVE-2016-5449"
}
]
},
"id": "VAR-201607-0656",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94268"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:01:48.442000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63173"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5449"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-813"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5449"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91986"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5449"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5449"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94268"
},
{
"db": "VULMON",
"id": "CVE-2016-5449"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-813"
},
{
"db": "NVD",
"id": "CVE-2016-5449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94268"
},
{
"db": "VULMON",
"id": "CVE-2016-5449"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91986"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-813"
},
{
"db": "NVD",
"id": "CVE-2016-5449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94268"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5449"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91986"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-813"
},
{
"date": "2016-07-21T10:15:04.880000",
"db": "NVD",
"id": "CVE-2016-5449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94268"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5449"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91986"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003877"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-813"
},
{
"date": "2017-09-01T01:29:29.570000",
"db": "NVD",
"id": "CVE-2016-5449"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91986"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In Console Redirection Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003877"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91986"
}
],
"trust": 0.6
}
}
var-202102-1488
Vulnerability from variot
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). Please keep an eye on CNNVD or manufacturer announcements. Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2021:3798-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3798 Issue date: 2021-10-12 CVE Names: CVE-2021-23840 CVE-2021-23841 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
openssl: integer overflow in CipherUpdate (CVE-2021-23840)
-
openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.2k-22.el7_9.src.rpm
x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.2k-22.el7_9.src.rpm
x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.2k-22.el7_9.src.rpm
ppc64: openssl-1.0.2k-22.el7_9.ppc64.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm openssl-devel-1.0.2k-22.el7_9.ppc.rpm openssl-devel-1.0.2k-22.el7_9.ppc64.rpm openssl-libs-1.0.2k-22.el7_9.ppc.rpm openssl-libs-1.0.2k-22.el7_9.ppc64.rpm
ppc64le: openssl-1.0.2k-22.el7_9.ppc64le.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm openssl-devel-1.0.2k-22.el7_9.ppc64le.rpm openssl-libs-1.0.2k-22.el7_9.ppc64le.rpm
s390x: openssl-1.0.2k-22.el7_9.s390x.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm openssl-devel-1.0.2k-22.el7_9.s390.rpm openssl-devel-1.0.2k-22.el7_9.s390x.rpm openssl-libs-1.0.2k-22.el7_9.s390.rpm openssl-libs-1.0.2k-22.el7_9.s390x.rpm
x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm openssl-perl-1.0.2k-22.el7_9.ppc64.rpm openssl-static-1.0.2k-22.el7_9.ppc.rpm openssl-static-1.0.2k-22.el7_9.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm openssl-perl-1.0.2k-22.el7_9.ppc64le.rpm openssl-static-1.0.2k-22.el7_9.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-22.el7_9.s390.rpm openssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm openssl-perl-1.0.2k-22.el7_9.s390x.rpm openssl-static-1.0.2k-22.el7_9.s390.rpm openssl-static-1.0.2k-22.el7_9.s390x.rpm
x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.2k-22.el7_9.src.rpm
x86_64: openssl-1.0.2k-22.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-devel-1.0.2k-22.el7_9.i686.rpm openssl-devel-1.0.2k-22.el7_9.x86_64.rpm openssl-libs-1.0.2k-22.el7_9.i686.rpm openssl-libs-1.0.2k-22.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-22.el7_9.i686.rpm openssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm openssl-perl-1.0.2k-22.el7_9.x86_64.rpm openssl-static-1.0.2k-22.el7_9.i686.rpm openssl-static-1.0.2k-22.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYWWqjtzjgjWX9erEAQj4lg/+IFxqmMQqLSvyz8cKUAPgss/+/wFMpRgh ZZxYBQQ0cBFfWFlROVLaRdeiGcZYkyJCRDqy2Yb8YO1A4PnSOc+htLFYmSmU2kcm QLHinOzGEZo/44vN7Qsl4WhJkJIdlysCwKpkkOCUprMEnhlWMvja2eSSG9JLH16d RqGe4AsJQLKSKLgmhejCOqxb9am+t9zBW0zaZHP4UR52Ju1rG5rLjBJ85Gcrmp2B vp/GVEQ/Asid4MZA2WTx+s6wj5Dt7JOdLWrUbcYAC0I8oPWbAoZJTfPkM7S6Xv+U 68iruVFTh74IkCbQ+SNLoYjiDAVJqtAVRVBha7Fd3/gWR6aJLLaqluLRGvd0mwXY pohCS0ynuMQ9wtYOJ3ezSVcBN+/d9Hs/3s8RWQTzrNG6jtBe57H9/tNkeSVFSVvu PMKXsUoOrIUE2HCflJytDB9wkQmsWxiZoH/xVlrtD0D11egZ4EWjJL6x+xtCTAkT u67CAwsCKxxCeNmz42uBtXSwFXoUapJnsviGzAx247T2pyuXlYMYHlsOy7CtBvIk jEEosCMM72UyXO4XsYTXc0jM3ze6iQTcF9irwhy+X+rTB4IXBubdUEoT0jnKlwfI BQvoPEBlcG+f0VU8BL+FCOosvM0ZqC7KGGOwJLoG1Vqz8rbtmhpcmNAOvzUiHdm3 T4OjSl1NzQQ= =Taj2 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.2.2 General Availability release images, which fix several bugs and security issues. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug Fix(es):
-
Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528)
-
Importing of cluster fails due to error/typo in generated command (BZ#1936642)
-
RHACM 2.2.2 images (BZ#1938215)
-
2.2 clusterlifecycle fails to allow provision
fips: trueclusters on aws, vsphere (BZ#1941778) -
Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
1914238 - CVE-2020-29529 go-slug: partial protection against zip slip attacks
1928937 - CVE-2021-23337 nodejs-lodash: command injection via template
1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate
1936528 - Documentation is referencing deprecated API for Service Export - Submariner
1936642 - Importing of cluster fails due to error/typo in generated command
1938215 - RHACM 2.2.2 images
1941778 - 2.2 clusterlifecycle fails to allow provision fips: true clusters on aws, vsphere
1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service
1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service
- ========================================================================== Ubuntu Security Notice USN-4738-1 February 18, 2021
openssl, openssl1.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2021-23841)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.2
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.2
Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.6 libssl1.1 1.1.1-1ubuntu2.1~18.04.8
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.19
After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202103-03
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 31, 2021 Bugs: #769785, #777681 ID: 202103-03
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.1.1k >= 1.1.1k
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1k"
References
[ 1 ] CVE-2021-23840 https://nvd.nist.gov/vuln/detail/CVE-2021-23840 [ 2 ] CVE-2021-23841 https://nvd.nist.gov/vuln/detail/CVE-2021-23841 [ 3 ] CVE-2021-3449 https://nvd.nist.gov/vuln/detail/CVE-2021-3449 [ 4 ] CVE-2021-3450 https://nvd.nist.gov/vuln/detail/CVE-2021-3450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202103-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Description:
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API.
Bug Fix(es):
-
Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873)
-
Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Bugs fixed (https://bugzilla.redhat.com/):
1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input
Additional details can be found in the upstream advisories https://www.openssl.org/news/secadv/20191206.txt and https://www.openssl.org/news/secadv/20210216.txt .
For the stable distribution (buster), these problems have been fixed in version 1.1.1d-0+deb10u5.
For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAtHDpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SYCg/9HRfTx/x8jaG8pn8kcPmUiSs+WkMBXmQeg97Gf6NLeflYczwtZ9MGWAAj J9R72BqppoSGaI4MPgUQPRDRHclktJOxBkICyiYL35G18x0iFz352rfHegq9rzVe VxJAXh3Xo6hA/SX046rjh+gJU63fgiE4Wy9T1D9y9A582FHfqhNFpEbWyzA871hG nDFabpyvRltEC/XXu5pejqU9cguc4wF6pVjMffF1ikV6srAFPFO14v5aYYTWHEe1 D5cOUe6ckFIJBHYO4NEldlfRN1OVUZUMERQwjkfJ6RnwOxzN9dAdnhle+nqgeC7P GwyVHTNIIhNOpjo24j0d13npJqdBvpXygG8TVDzRGm70SgMsizIm/b8ID9yzQjXH 45ziZZKLnLDDE55v62bUZ7KOe3DZYp/dElZ6mt/xKikC10GEOv1exsaB12s4LlDx +7VF2U3nAer//G2LkGAPkbNAT1RC1uibnivyed3uHpUwFewE0fsdaoHtwFPPYDNp Y7dyMI+SpAF1/6PW7kBqgHtyp9GAp2fcldV1uLmr9FKoBASvemkReHH1/eDzPqaA xKzJ67vi9vX3IKtEz+T/EftZ5VDb/JW/f5EPsLNKjQJomRaQRr9EnYMVFCERVwvk IMCzTgoed90pMSWyfO7BkywXMk4t14IeV9PhGVTfCrdpr4c2QC4= =hM2Z -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1488",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.6"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5.0.0.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.9.0.0.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.6"
},
{
"model": "sinec ins",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.17.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1j"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2y"
},
{
"model": "mysql enterprise monitor",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "mysql server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.1.1"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.4"
},
{
"model": "hitachi device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "tenable.sc",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "openssl",
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "hitachi ops center analyzer viewpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"db": "NVD",
"id": "CVE-2021-23841"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "164489"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "165096"
}
],
"trust": 0.4
},
"cve": "CVE-2021-23841",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-23841",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-382524",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-23841",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-23841",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23841",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-23841",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-382524",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"db": "NVD",
"id": "CVE-2021-23841"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). Please keep an eye on CNNVD or manufacturer announcements. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2021:3798-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3798\nIssue date: 2021-10-12\nCVE Names: CVE-2021-23840 CVE-2021-23841 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-22.el7_9.src.rpm\n\nx86_64:\nopenssl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-libs-1.0.2k-22.el7_9.i686.rpm\nopenssl-libs-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-devel-1.0.2k-22.el7_9.i686.rpm\nopenssl-devel-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-perl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-static-1.0.2k-22.el7_9.i686.rpm\nopenssl-static-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-22.el7_9.src.rpm\n\nx86_64:\nopenssl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-libs-1.0.2k-22.el7_9.i686.rpm\nopenssl-libs-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-devel-1.0.2k-22.el7_9.i686.rpm\nopenssl-devel-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-perl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-static-1.0.2k-22.el7_9.i686.rpm\nopenssl-static-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-22.el7_9.src.rpm\n\nppc64:\nopenssl-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-devel-1.0.2k-22.el7_9.ppc.rpm\nopenssl-devel-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-libs-1.0.2k-22.el7_9.ppc.rpm\nopenssl-libs-1.0.2k-22.el7_9.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-devel-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-libs-1.0.2k-22.el7_9.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-22.el7_9.s390x.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.s390.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm\nopenssl-devel-1.0.2k-22.el7_9.s390.rpm\nopenssl-devel-1.0.2k-22.el7_9.s390x.rpm\nopenssl-libs-1.0.2k-22.el7_9.s390.rpm\nopenssl-libs-1.0.2k-22.el7_9.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-devel-1.0.2k-22.el7_9.i686.rpm\nopenssl-devel-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-libs-1.0.2k-22.el7_9.i686.rpm\nopenssl-libs-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-perl-1.0.2k-22.el7_9.ppc64.rpm\nopenssl-static-1.0.2k-22.el7_9.ppc.rpm\nopenssl-static-1.0.2k-22.el7_9.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-perl-1.0.2k-22.el7_9.ppc64le.rpm\nopenssl-static-1.0.2k-22.el7_9.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-22.el7_9.s390.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.s390x.rpm\nopenssl-perl-1.0.2k-22.el7_9.s390x.rpm\nopenssl-static-1.0.2k-22.el7_9.s390.rpm\nopenssl-static-1.0.2k-22.el7_9.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-perl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-static-1.0.2k-22.el7_9.i686.rpm\nopenssl-static-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-22.el7_9.src.rpm\n\nx86_64:\nopenssl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-devel-1.0.2k-22.el7_9.i686.rpm\nopenssl-devel-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-libs-1.0.2k-22.el7_9.i686.rpm\nopenssl-libs-1.0.2k-22.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-22.el7_9.i686.rpm\nopenssl-debuginfo-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-perl-1.0.2k-22.el7_9.x86_64.rpm\nopenssl-static-1.0.2k-22.el7_9.i686.rpm\nopenssl-static-1.0.2k-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYWWqjtzjgjWX9erEAQj4lg/+IFxqmMQqLSvyz8cKUAPgss/+/wFMpRgh\nZZxYBQQ0cBFfWFlROVLaRdeiGcZYkyJCRDqy2Yb8YO1A4PnSOc+htLFYmSmU2kcm\nQLHinOzGEZo/44vN7Qsl4WhJkJIdlysCwKpkkOCUprMEnhlWMvja2eSSG9JLH16d\nRqGe4AsJQLKSKLgmhejCOqxb9am+t9zBW0zaZHP4UR52Ju1rG5rLjBJ85Gcrmp2B\nvp/GVEQ/Asid4MZA2WTx+s6wj5Dt7JOdLWrUbcYAC0I8oPWbAoZJTfPkM7S6Xv+U\n68iruVFTh74IkCbQ+SNLoYjiDAVJqtAVRVBha7Fd3/gWR6aJLLaqluLRGvd0mwXY\npohCS0ynuMQ9wtYOJ3ezSVcBN+/d9Hs/3s8RWQTzrNG6jtBe57H9/tNkeSVFSVvu\nPMKXsUoOrIUE2HCflJytDB9wkQmsWxiZoH/xVlrtD0D11egZ4EWjJL6x+xtCTAkT\nu67CAwsCKxxCeNmz42uBtXSwFXoUapJnsviGzAx247T2pyuXlYMYHlsOy7CtBvIk\njEEosCMM72UyXO4XsYTXc0jM3ze6iQTcF9irwhy+X+rTB4IXBubdUEoT0jnKlwfI\nBQvoPEBlcG+f0VU8BL+FCOosvM0ZqC7KGGOwJLoG1Vqz8rbtmhpcmNAOvzUiHdm3\nT4OjSl1NzQQ=\n=Taj2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.2 General\nAvailability release images, which fix several bugs and security issues. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug Fix(es):\n\n* Documentation is referencing deprecated API for Service Export -\nSubmariner (BZ#1936528)\n\n* Importing of cluster fails due to error/typo in generated command\n(BZ#1936642)\n\n* RHACM 2.2.2 images (BZ#1938215)\n\n* 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on\naws, vsphere (BZ#1941778)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1914238 - CVE-2020-29529 go-slug: partial protection against zip slip attacks\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1936528 - Documentation is referencing deprecated API for Service Export - Submariner\n1936642 - Importing of cluster fails due to error/typo in generated command\n1938215 - RHACM 2.2.2 images\n1941778 - 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n\n5. ==========================================================================\nUbuntu Security Notice USN-4738-1\nFebruary 18, 2021\n\nopenssl, openssl1.0 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2021-23841)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.2\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.2\n\nUbuntu 18.04 LTS:\n libssl1.0.0 1.0.2n-1ubuntu5.6\n libssl1.1 1.1.1-1ubuntu2.1~18.04.8\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.19\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202103-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: March 31, 2021\n Bugs: #769785, #777681\n ID: 202103-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould allow remote attackers to cause a Denial of Service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.1.1k \u003e= 1.1.1k\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.1.1k\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-23840\n https://nvd.nist.gov/vuln/detail/CVE-2021-23840\n[ 2 ] CVE-2021-23841\n https://nvd.nist.gov/vuln/detail/CVE-2021-23841\n[ 3 ] CVE-2021-3449\n https://nvd.nist.gov/vuln/detail/CVE-2021-3449\n[ 4 ] CVE-2021-3450\n https://nvd.nist.gov/vuln/detail/CVE-2021-3450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202103-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. \nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API. \n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected. \n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. Bugs fixed (https://bugzilla.redhat.com/):\n\n1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore\u0027s target bucket is deleted\n2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input\n\n5. \n\nAdditional details can be found in the upstream advisories\nhttps://www.openssl.org/news/secadv/20191206.txt and\nhttps://www.openssl.org/news/secadv/20210216.txt . \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.1.1d-0+deb10u5. \n\nFor the detailed security status of openssl please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAtHDpfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SYCg/9HRfTx/x8jaG8pn8kcPmUiSs+WkMBXmQeg97Gf6NLeflYczwtZ9MGWAAj\nJ9R72BqppoSGaI4MPgUQPRDRHclktJOxBkICyiYL35G18x0iFz352rfHegq9rzVe\nVxJAXh3Xo6hA/SX046rjh+gJU63fgiE4Wy9T1D9y9A582FHfqhNFpEbWyzA871hG\nnDFabpyvRltEC/XXu5pejqU9cguc4wF6pVjMffF1ikV6srAFPFO14v5aYYTWHEe1\nD5cOUe6ckFIJBHYO4NEldlfRN1OVUZUMERQwjkfJ6RnwOxzN9dAdnhle+nqgeC7P\nGwyVHTNIIhNOpjo24j0d13npJqdBvpXygG8TVDzRGm70SgMsizIm/b8ID9yzQjXH\n45ziZZKLnLDDE55v62bUZ7KOe3DZYp/dElZ6mt/xKikC10GEOv1exsaB12s4LlDx\n+7VF2U3nAer//G2LkGAPkbNAT1RC1uibnivyed3uHpUwFewE0fsdaoHtwFPPYDNp\nY7dyMI+SpAF1/6PW7kBqgHtyp9GAp2fcldV1uLmr9FKoBASvemkReHH1/eDzPqaA\nxKzJ67vi9vX3IKtEz+T/EftZ5VDb/JW/f5EPsLNKjQJomRaQRr9EnYMVFCERVwvk\nIMCzTgoed90pMSWyfO7BkywXMk4t14IeV9PhGVTfCrdpr4c2QC4=\n=hM2Z\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23841"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"db": "VULHUB",
"id": "VHN-382524"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "164489"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "161459"
},
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "165096"
},
{
"db": "PACKETSTORM",
"id": "168995"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-382524",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382524"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23841",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TNS-2021-03",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44846",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-637483",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-258-05",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-336-06",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94508446",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99475301",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90348129",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001396",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165096",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161459",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161525",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165099",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162823",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164928",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162824",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164927",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164890",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165129",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-382524",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168995",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "164489"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "161459"
},
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "165096"
},
{
"db": "PACKETSTORM",
"id": "168995"
},
{
"db": "NVD",
"id": "CVE-2021-23841"
}
]
},
"id": "VAR-202102-1488",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-382524"
}
],
"trust": 0.30766129
},
"last_update_date": "2024-09-19T21:36:27.449000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2023-126",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4855"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-190",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"db": "NVD",
"id": "CVE-2021-23841"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 1.2,
"url": "https://www.openssl.org/news/secadv/20210216.txt"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44846"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212528"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212529"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212534"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-03"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4855"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/may/67"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/may/70"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/may/68"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94508446/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90348129/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99475301/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5128"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26708"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.6"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4738-1"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26301"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28957"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv/20191206.txt"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openssl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-382524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "164489"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "161459"
},
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "165096"
},
{
"db": "PACKETSTORM",
"id": "168995"
},
{
"db": "NVD",
"id": "CVE-2021-23841"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-382524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "164489"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "161459"
},
{
"db": "PACKETSTORM",
"id": "162041"
},
{
"db": "PACKETSTORM",
"id": "165096"
},
{
"db": "PACKETSTORM",
"id": "168995"
},
{
"db": "NVD",
"id": "CVE-2021-23841"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-382524"
},
{
"date": "2021-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"date": "2021-12-15T15:20:33",
"db": "PACKETSTORM",
"id": "165286"
},
{
"date": "2021-10-13T14:47:32",
"db": "PACKETSTORM",
"id": "164489"
},
{
"date": "2021-04-13T15:38:30",
"db": "PACKETSTORM",
"id": "162151"
},
{
"date": "2021-02-18T14:17:43",
"db": "PACKETSTORM",
"id": "161459"
},
{
"date": "2021-03-31T14:36:01",
"db": "PACKETSTORM",
"id": "162041"
},
{
"date": "2021-11-29T18:12:32",
"db": "PACKETSTORM",
"id": "165096"
},
{
"date": "2021-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "168995"
},
{
"date": "2021-02-16T17:15:13.377000",
"db": "NVD",
"id": "CVE-2021-23841"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-382524"
},
{
"date": "2023-07-20T06:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-001396"
},
{
"date": "2024-06-21T19:15:17.377000",
"db": "NVD",
"id": "CVE-2021-23841"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161459"
},
{
"db": "PACKETSTORM",
"id": "162041"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001396"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165096"
}
],
"trust": 0.2
}
}
var-201501-0436
Vulnerability from variot
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks.
References:
CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0288 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc.
For the upcoming stable distribution (jessie), these problems will be fixed soon. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2014-3570]
III. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195).
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275). NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [08 Jan 2015] =======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:
) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Release Date: 2015-02-25 Last Updated: 2015-02-25
Potential Security Impact: Remote Denial of Service (DoS) and other vulnerabilites
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8ze
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 25 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0436",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "powerlinux 7r2",
"scope": "eq",
"trust": 1.2,
"vendor": "ibm",
"version": "0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zc"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7200"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7700"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7800"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7100"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7400"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "5200"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "5700"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7300"
},
{
"model": "powerlinux 7r1",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7600"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "power system s822",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "bladecenter advanced management module 25r5778",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1948"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "783.00"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205635"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.80"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "flex system p270 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7954-24x)0"
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "6"
},
{
"model": "power systems e870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.50"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355042540"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "project openssl 0.9.8u",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "flex system p260 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-23x)0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "junos os 13.3r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "tivoli netcool/reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.70"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.21"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.7"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.4"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.3"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.7"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355041980"
},
{
"model": "power systems 350.c0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "workflow for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5750"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "app for netapp data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "7"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "power system s814",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.21"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.2"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.6.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.40"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.b1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.12"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.e0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.21"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "alienvault",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15.1"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.12"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8720"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "power systems 350.e1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.00"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.13"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079450"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8886"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "app for stream",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "power systems 350.a0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.6"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "upward integration modules hardware management pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7967"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.11"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.9"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.00"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.02"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.22"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "820.03"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8852"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8750"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.1"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205577"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571451.43"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "10g vfsm for bladecenter",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365042550"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571910"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.16"
},
{
"model": "proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.81"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.6"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.00"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 12.3r10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.11"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571480"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.6"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.50"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "cms r17 r4",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.4"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073800"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.60"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1881"
},
{
"model": "powerlinux 7r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere master data management patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "power systems 350.b0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system idataplex dx360 m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63910"
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.5"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "power ese",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571460"
},
{
"model": "sametime community server hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571431.43"
},
{
"model": "as infinity",
"scope": "ne",
"trust": 0.3,
"vendor": "pexip",
"version": "8.1"
},
{
"model": "cognos controller if1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "820.02"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.00"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.11"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1.7"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli workload scheduler for applications fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "linux enterprise server for vmware sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7779"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "sametime community server limited use",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "flex system p260 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-22x)0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571470"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "jabber voice for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.10"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12.1"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "52056340"
},
{
"model": "ctpos 7.0r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "power system s824l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365041990"
},
{
"model": "system m4 hd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "flex system interconnect fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.80"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.30"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "infosphere master data management provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "560"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "10g vfsm for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "power 795",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.51"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571430"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73210"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.21"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "1:10g switch for bladecenter",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.10.0"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power system s822l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571450"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5504667"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.10"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205587"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "project openssl 0.9.8zd",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63800"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "ringmaster appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.60"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.19"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "ctpview 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "cognos controller interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.41"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bladecenter js22",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7998-61x)0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vgw",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.20"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.32"
},
{
"model": "1:10g switch for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.15"
},
{
"model": "upward integration modules hardware management pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "openssh for gpfs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "src series",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079460"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079440"
},
{
"model": "bladecenter js23",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7778-23x)0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mint",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "3"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571920"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079470"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "52056330"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571490"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "1:10g switch for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.80"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "bladecenter js43 with feature code",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7778-23x8446)0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.51"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x330073820"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "2"
},
{
"model": "power system s824",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "ctp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7500"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "power systems e880",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "ctpos 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "flex system p460 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-42x)0"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "bladecenter t advanced management module 32r0835",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.10"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8734-"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.61"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.20"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.90"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.02"
},
{
"model": "bladecenter js12 express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7998-60x)0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.2"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8730"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "tivoli workload scheduler for applications fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.50"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7989"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.20"
},
{
"model": "cognos controller if3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.11"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "flex system p24l compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8740"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.4"
},
{
"model": "power system s812l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.10"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pulse secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8731-"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.5"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "783.01"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73230"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363073770"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.10"
},
{
"model": "flex system interconnect fabric",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"model": "cognos controller fp1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "project openssl 1.0.0h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.20"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.01"
},
{
"model": "power systems 350.d0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1886"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.40"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "74.90"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.40"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "flex system p260 compute node /fc efd9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "app for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5950"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "junos os 12.3x48-d10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8677"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.2"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054540"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "ctpos 6.6r5",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 13.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.01"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.52"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "550"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350078390"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5504965"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.70"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.31"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "flex system p460 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-43x)0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79190"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.00"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli provisioning manager for images system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
}
],
"sources": [
{
"db": "BID",
"id": "71942"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
},
{
"db": "NVD",
"id": "CVE-2014-3572"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karthikeyan Bhargavan of the PROSECCO team at INRIA",
"sources": [
{
"db": "BID",
"id": "71942"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3572",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3572",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3572",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-162",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3572",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3572"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
},
{
"db": "NVD",
"id": "CVE-2014-3572"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. \n\nReferences:\n\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0209\nCVE-2015-0286\nCVE-2015-0288\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nCVE-2014-3571\n\n Markus Stenberg of Cisco Systems, Inc. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. [CVE-2014-3570]\n\nIII. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n The dtls1_reassemble_fragment function in d1_both.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allows remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (CVE-2014-0195). \n \n The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g,\n when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a\n buffer pointer during certain recursive calls, which allows remote\n attackers to cause a denial of service (NULL pointer dereference\n and application crash) via vectors that trigger an alert condition\n (CVE-2014-0198). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when\n an anonymous ECDH cipher suite is used, allows remote attackers to\n cause a denial of service (NULL pointer dereference and client crash)\n by triggering a NULL certificate value (CVE-2014-3470). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The ssl23_get_client_hello function in s23_srvr.c in OpenSSL\n 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to\n use unsupported protocols, which allows remote attackers to cause a\n denial of service (NULL pointer dereference and daemon crash) via\n an unexpected handshake, as demonstrated by an SSLv3 handshake to\n a no-ssl3 application with certain error handling. NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libssl1.0.0 1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and\n0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nRelease Date: 2015-02-25\nLast Updated: 2015-02-25\n\nPotential Security Impact: Remote Denial of Service (DoS) and other\nvulnerabilites\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8ze\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 25 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3572"
},
{
"db": "BID",
"id": "71942"
},
{
"db": "VULMON",
"id": "CVE-2014-3572"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3572",
"trust": 2.8
},
{
"db": "JUNIPER",
"id": "JSA10679",
"trust": 1.4
},
{
"db": "BID",
"id": "71942",
"trust": 1.4
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4252",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-162",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-3572",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129880",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129893",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129867",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130051",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130545",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3572"
},
{
"db": "BID",
"id": "71942"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
},
{
"db": "NVD",
"id": "CVE-2014-3572"
}
]
},
"id": "VAR-201501-0436",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35468420666666667
},
"last_update_date": "2024-09-17T20:19:41.978000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openssl-0.9.8zd",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53189"
},
{
"title": "openssl-1.0.1k.tar.gz",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53191"
},
{
"title": "openssl-1.0.0p",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53190"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150066 - Security Advisory"
},
{
"title": "Red Hat: CVE-2014-3572",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3572"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2459-1"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
},
{
"title": "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=e17c368f43499efc420edc223af663db"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=d9c34d2680d213e5c9dae973a42328f1"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "JPN_RIC13351-2",
"trust": 0.1,
"url": "https://github.com/neominds/JPN_RIC13351-2 "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3572"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3572"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"trust": 1.1,
"url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/71942"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4252/"
},
{
"trust": 0.3,
"url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanv8#announce1"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/160"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
},
{
"trust": 0.3,
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101008182"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanxd"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3572"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2459-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20150108.txt\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150319.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150108.txt"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2459-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/releasestrat.html),"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/secpolicy.html"
},
{
"trust": 0.1,
"url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3572"
},
{
"db": "BID",
"id": "71942"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
},
{
"db": "NVD",
"id": "CVE-2014-3572"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-3572"
},
{
"db": "BID",
"id": "71942"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
},
{
"db": "NVD",
"id": "CVE-2014-3572"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3572"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71942"
},
{
"date": "2015-08-26T01:33:18",
"db": "PACKETSTORM",
"id": "133317"
},
{
"date": "2015-01-12T17:17:37",
"db": "PACKETSTORM",
"id": "129880"
},
{
"date": "2015-01-15T16:53:07",
"db": "PACKETSTORM",
"id": "129973"
},
{
"date": "2015-03-27T20:42:44",
"db": "PACKETSTORM",
"id": "131044"
},
{
"date": "2015-01-12T21:48:37",
"db": "PACKETSTORM",
"id": "129893"
},
{
"date": "2015-01-09T02:01:10",
"db": "PACKETSTORM",
"id": "129867"
},
{
"date": "2015-01-22T01:35:41",
"db": "PACKETSTORM",
"id": "130051"
},
{
"date": "2015-02-26T17:13:09",
"db": "PACKETSTORM",
"id": "130545"
},
{
"date": "2015-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-162"
},
{
"date": "2015-01-09T02:59:02.320000",
"db": "NVD",
"id": "CVE-2014-3572"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3572"
},
{
"date": "2017-01-23T00:09:00",
"db": "BID",
"id": "71942"
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-162"
},
{
"date": "2017-11-15T02:29:05.313000",
"db": "NVD",
"id": "CVE-2014-3572"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129893"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL \u2018 ssl3_get_key_exchange \u0027Function Encryption Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-162"
}
],
"trust": 0.6
}
}
var-201501-0340
Vulnerability from variot
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc.
For the upcoming stable distribution (jessie), these problems will be fixed soon.
We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:01.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2015-01-14 Affects: All supported versions of FreeBSD. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. [CVE-2014-3571]
A memory leak can occur in the dtls1_buffer_record function under certain conditions. [CVE-2015-0206]
When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. [CVE-2014-3569] This does not affect FreeBSD's default build.
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. [CVE-2014-3572]
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. [CVE-2015-0204]
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-8275]
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. [CVE-2014-3570]
III. Impact
An attacker who can send a carefully crafted DTLS message can cause server daemons that uses OpenSSL to crash, resulting a Denial of Service. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of the session. [CVE-2015-0204]
A client could authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB QCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q U7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL JSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR 4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY fIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3 DJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa xOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq aQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0 sJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp i5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J 6FLFZ38YkLcUIzW6I6Kc =ztFk -----END PGP SIGNATURE----- .
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . This could lead to a Denial Of Service attack (CVE-2014-3571). This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine (CVE-2014-3570).
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "bladecenter advanced management module 25r5778",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "es750",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1948"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "6"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "app for netapp data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "7"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "1"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.00"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8720"
},
{
"model": "es1500",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8886"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "app for stream",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "5"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7967"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8852"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8750"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.11"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "cms r17 r4",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bluemix workflow",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1881"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.00"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere master data management patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.5.03.00"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "cognos controller if1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.3"
},
{
"model": "as infinity",
"scope": "ne",
"trust": 0.3,
"vendor": "pexip",
"version": "8.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux enterprise server for vmware sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7779"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "jabber voice for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "system m4 hd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "infosphere master data management provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "cognos controller interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "openssh for gpfs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mint",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "3"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3.0"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x330073820"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "bladecenter t advanced management module 32r0835",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8734-"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8730"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7989"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "cognos controller if3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.00"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8731-"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"model": "cognos controller fp1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1886"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "app for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8677"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79190"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli provisioning manager for images system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
}
],
"sources": [
{
"db": "BID",
"id": "71940"
},
{
"db": "NVD",
"id": "CVE-2015-0206"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
}
],
"trust": 0.4
},
"cve": "CVE-2015-0206",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0206",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0206",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0206",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0206"
},
{
"db": "NVD",
"id": "CVE-2015-0206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions. \n\nCVE-2014-3571\n\n Markus Stenberg of Cisco Systems, Inc. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:01.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-01-14\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL\ndue to a NULL pointer dereference. [CVE-2014-3571]\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. [CVE-2015-0206]\n\nWhen OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. \n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH\nciphersuite using an ECDSA certificate if the server key exchange message\nis omitted. [CVE-2014-3572]\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. [CVE-2015-0204]\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-8275]\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. [CVE-2014-3570]\n\nIII. Impact\n\nAn attacker who can send a carefully crafted DTLS message can cause server\ndaemons that uses OpenSSL to crash, resulting a Denial of Service. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session. [CVE-2015-0204]\n\nA client could authenticate without the use of a private key. This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare. [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150108.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.1 (FreeBSD)\n\niQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB\nQCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q\nU7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL\nJSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR\n4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY\nfIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3\nDJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa\nxOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq\naQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0\nsJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp\ni5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J\n6FLFZ38YkLcUIzW6I6Kc\n=ztFk\n-----END PGP SIGNATURE-----\n. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. This could lead to a Denial\n Of Service attack (CVE-2014-3571). This bug occurs at random with a very\n low probability, and is not known to be exploitable in any way,\n though its exact impact is difficult to determine (CVE-2014-3570). \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0206"
},
{
"db": "BID",
"id": "71940"
},
{
"db": "VULMON",
"id": "CVE-2015-0206"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0206",
"trust": 2.2
},
{
"db": "BID",
"id": "71940",
"trust": 1.4
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2015-0206",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129880",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132763",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0206"
},
{
"db": "BID",
"id": "71940"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "NVD",
"id": "CVE-2015-0206"
}
]
},
"id": "VAR-201501-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4209152
},
"last_update_date": "2024-09-18T23:05:58.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150066 - Security Advisory"
},
{
"title": "Red Hat: CVE-2015-0206",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-0206"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2459-1"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-03"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0206"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0206"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.1,
"url": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/71940"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.4,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.3,
"url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
},
{
"trust": 0.3,
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101008182"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0066"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0206"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2459-1/"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20150108.txt\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150319.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150108.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/insightupdates"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/smh"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0206"
},
{
"db": "BID",
"id": "71940"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "NVD",
"id": "CVE-2015-0206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-0206"
},
{
"db": "BID",
"id": "71940"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "129880"
},
{
"db": "PACKETSTORM",
"id": "129973"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "NVD",
"id": "CVE-2015-0206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0206"
},
{
"date": "2015-01-07T00:00:00",
"db": "BID",
"id": "71940"
},
{
"date": "2015-08-26T01:33:25",
"db": "PACKETSTORM",
"id": "133318"
},
{
"date": "2015-08-26T01:33:18",
"db": "PACKETSTORM",
"id": "133317"
},
{
"date": "2015-01-12T17:17:37",
"db": "PACKETSTORM",
"id": "129880"
},
{
"date": "2015-01-15T16:53:07",
"db": "PACKETSTORM",
"id": "129973"
},
{
"date": "2015-03-27T20:42:44",
"db": "PACKETSTORM",
"id": "131044"
},
{
"date": "2015-01-09T17:43:35",
"db": "PACKETSTORM",
"id": "129870"
},
{
"date": "2015-08-26T01:35:08",
"db": "PACKETSTORM",
"id": "133325"
},
{
"date": "2015-07-21T13:37:51",
"db": "PACKETSTORM",
"id": "132763"
},
{
"date": "2015-01-09T02:59:12.117000",
"db": "NVD",
"id": "CVE-2015-0206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0206"
},
{
"date": "2017-01-23T00:09:00",
"db": "BID",
"id": "71940"
},
{
"date": "2017-10-20T01:29:04.393000",
"db": "NVD",
"id": "CVE-2015-0206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "71940"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL \u0027dtls1_buffer_record()\u0027 Function Denial of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "71940"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "71940"
}
],
"trust": 0.3
}
}
var-201507-0348
Vulnerability from variot
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. OpenSSL Contains a certificate chain validation flaw. 2015 Year 7 Moon 9 Day, OpenSSL Project Than OpenSSL Security Advisory [9 Jul 2015] Has been published. OpenSSL Security Advisory [9 Jul 2015] https://www.openssl.org/news/secadv_20150709.txt According to the advisory, the following vulnerabilities have been fixed: OpenSSL 1.0.2d , 1.0.1p Has been released. Severity − High (Severity: High) ・ Alternative chains certificate forgery (CVE-2015-1793) OpenSSL Tries to build an alternative certificate chain if the certificate validation fails to build the first certificate chain, but there is a flaw in the implementation of this process. As a result, for example CA Flag FALSE A certificate issued using a certificate that is considered to be trusted is not detected as being invalid. CA May be treated as a certificate issued by.Man-in-the-middle attacks (man-in-the-middle attack) By HTTPS The contents of the communication may be viewed or altered. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a security vulnerability in the TLS protocol 1.2 and earlier versions. The vulnerability comes from that when the server enables the DHE_EXPORT cipher suite, the program does not pass the DHE_EXPORT option correctly. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and cipher-downgrade attacks by rewriting ClientHello (use DHE_EXPORT instead of DHE) and then rewrite ServerHello (use DHE instead of DHE_EXPORT). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04760669
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04760669 Version: 1
HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-05 Last Updated: 2015-08-05
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.
This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.
References:
CVE-2015-4000: DHE man-in-the-middle protection (Logjam). CVE-2015-1788: Malformed ECParameters causes infinite loop. CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time. CVE-2015-1790: PKCS7 crash with missing EnvelopedContent CVE-2015-1791: Race condition handling NewSessionTicket CVE-2015-1792: CMS verify infinite loop with unknown hash function CVE-2015-1793: Alternative Chain Certificate Forgery.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided an updated version of OpenSSL to resolve this vulnerability.
A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 5 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2 L90AnAgGXxSCZgBVzDQCAezbHbrHPwtg =74KM -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1p-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issue: Alternative chains certificate forgery (CVE-2015-1793). This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1p-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1p-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1p-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1p-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1p-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1p-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1p-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1p-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1p-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1p-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: a77913257d9e4d9f0b143e7c2bf829d3 openssl-1.0.1p-i486-1_slack14.0.txz 9d778b2df5c01be05c5133d3c420a216 openssl-solibs-1.0.1p-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 1423b29d8621434363fcd92480544d19 openssl-1.0.1p-x86_64-1_slack14.0.txz e510fd37b65ab9b585f505c3b8925755 openssl-solibs-1.0.1p-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 483c52a8f52243486db12c6a85e59ad3 openssl-1.0.1p-i486-1_slack14.1.txz a2704397b9eabd509336dedfe1b51ff3 openssl-solibs-1.0.1p-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 2a4b0b930a7513a24a719f9996c3cd5d openssl-1.0.1p-x86_64-1_slack14.1.txz 3414a0e114c93ac4352938f182df5180 openssl-solibs-1.0.1p-x86_64-1_slack14.1.txz
Slackware -current packages: a867679d8f4a29a7b206930840d8c92f a/openssl-solibs-1.0.1p-i586-1.txz 1e28db3e77d547ef338c7116cf8d415f n/openssl-1.0.1p-i586-1.txz
Slackware x86_64 -current packages: f53454dd43f9d3206db58b9cd8b4e53e a/openssl-solibs-1.0.1p-x86_64-1.txz 4433713b6723a0715dc60d1254ee2ca3 n/openssl-1.0.1p-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1p-i486-1_slack14.1.txz openssl-solibs-1.0.1p-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access.
References:
- CVE-2014-8176 - Remote Denial of Service (DoS)
- CVE-2015-1788 - Remote Denial of Service (DoS)
- CVE-2015-1789 - Remote Denial of Service (DoS)
- CVE-2015-1790 - Remote Denial of Service (DoS)
- CVE-2015-1791 - Remote Denial of Service (DoS)
- CVE-2015-1792 - Remote Denial of Service (DoS)
- CVE-2015-1793 - Remote Unauthorized Access
- PSRT110158, SSRT102264
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION below for a list of impacted products.
COMWARE 5 Products
- A6600 (Comware 5) - Version: R3303P23
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- HSR6602 (Comware 5) - Version: R3303P23
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 (Comware 5) - Version: R3303P23
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- MSR20 (Comware 5) - Version: R2514P10
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
- MSR20-1X (Comware 5) - Version: R2514P10
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
- MSR 30 (Comware 5) - Version: R2514P10
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
- MSR 30-16 (Comware 5) - Version: R2514P10
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
- MSR 30-1X (Comware 5) - Version: R2514P10
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
- MSR 50 (Comware 5) - Version: R2514P10
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
- MSR 50-G2 (Comware 5) - Version: R2514P10
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
- MSR 9XX (Comware 5) - Version: R2514P10
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
- MSR 93X (Comware 5) - Version: R2514P10
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
- MSR1000 (Comware 5) - Version: R2514P10
- HP Network Products
- JG732A HP MSR1003-8 AC Router
- 12500 (Comware 5) - Version: R1829P01
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- 9500E (Comware 5) - Version: R1829P01
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
- 10500 (Comware 5) - Version: R1210P01
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
- 7500 (Comware 5) - Version: R6710P01
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
- 5830 (Comware 5) - Version: R1118P13
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
- 5800 (Comware 5) - Version: R1809P11
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
- 5500 HI (Comware 5) - Version: R5501P17
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
- 5500 EI (Comware 5) - Version: R2221P19
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- 4800G (Comware 5) - Version: R2221P19
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
- 5500SI (Comware 5) - Version: R2221P20
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
- 4500G (Comware 5) - Version: R2221P20
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
- 5120 EI (Comware 5) - Version: R2221P20
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
- 4210G (Comware 5) - Version: R2221P20
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
- 5120 SI (Comware 5) - Version: R1516
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
- 3610 (Comware 5) - Version: R5319P14
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
- 3600V2 (Comware 5) - Version: R2110P06
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
- 3100V2-48 (Comware 5) - Version: R2110P06
- HP Network Products
- JG315A HP 3100-48 v2 Switch
- JG315B HP 3100-48 v2 Switch
- HP870 (Comware 5) - Version: R2607P46
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
- HP850 (Comware 5) - Version: R2607P46
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
- HP830 (Comware 5) - Version: R3507P46
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
- HP6000 (Comware 5) - Version: R2507P46
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
- WX5004-EI (Comware 5) - Version: R2507P46
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
- SecBlade FW (Comware 5) - Version: R3181P07
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
- F1000-E (Comware 5) - Version: R3181P07
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
- F1000-A-EI (Comware 5) - Version: R3734P08
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
- F1000-S-EI (Comware 5) - Version: R3734P08
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
- F5000-A (Comware 5) - Version: F3210P26
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
- U200S and CS (Comware 5) - Version: F5123P33
- HP Network Products
- JD273A HP U200-S UTM Appliance
- U200A and M (Comware 5) - Version: F5123P33
- HP Network Products
- JD275A HP U200-A UTM Appliance
- F5000-C/S (Comware 5) - Version: R3811P05
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
- SecBlade III (Comware 5) - Version: R3820P06
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
- 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC165A) HP 6600 RPE-X1 Router Module
- JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC176A) HP 6602 Router Chassis
- HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- SMB1910 (Comware 5) - Version: R1111
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
- SMB1920 (Comware 5) - Version: R1109
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
- V1910 (Comware 5) - Version: R1516
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
- SMB 1620 (Comware 5) - Version: R1108
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7376
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- 10500 (Comware 7) - Version: R7170
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- 12900 (Comware 7) - Version: R1138P01
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) - Version: R2422P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- MSR1000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) - Version: E0321P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) - Version: R2138P01
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) - Version: R3109P16
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- 5700 (Comware 7) - Version: R2422P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) - Version: R2422P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6600 (Comware 7) - Version: R7103P05
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) - Version: R7103P05
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 (Comware 7) - Version: R3109P16
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- 7500 (Comware 7) - Version: R7170
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
iMC Products
- iMC Plat - Version: iMC Plat 7.1 E0303P16
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
- iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- iMC NSM - Version: iMC WSM 7.1 E0303P10
- HP Network Products
- JD456A HP IMC WSM Software Module with 50-Access Point License
- JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
- JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
- JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
- JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
- JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU
VCX Products
- VCX - Version: 9.8.18
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
HISTORY Version:1 (rev.1) - 5 July 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1p"
References
[ 1 ] CVE-2015-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1793
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201507-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150709.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.8,
"vendor": "openssl",
"version": "1.0.1n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.8,
"vendor": "openssl",
"version": "1.0.1o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.8,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.8,
"vendor": "openssl",
"version": "1.0.2c"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.2.2"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "opus 10g ethernet switch family",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.0.0.6"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0"
},
{
"model": "junos 12.1x44-d20",
"scope": null,
"trust": 0.9,
"vendor": "juniper",
"version": null
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "enterprise monitor 2.3.20"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "enterprise monitor 3.0.22"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "base platform 11.1.0.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "base platform 11.2.0.4"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "base platform 12.1.0.4"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "base platform 12.1.0.5"
},
{
"model": "enterprise manager",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "grid control of oss support tools 8.8.15.7.15"
},
{
"model": "enterprise manager",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "ops center 12.1.4"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "ops center 12.2.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "ops center 12.2.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "ops center 12.3.0"
},
{
"model": "ethernet switch",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "es2-64 2.0.0.6"
},
{
"model": "ethernet switch",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "es2-72 2.0.0.6"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle business intelligence enterprise edition 11.1.1.7.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle business intelligence enterprise edition 11.1.1.9.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle endeca server 7.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle endeca server 7.4.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle endeca server 7.5.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle endeca server 7.6.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle tuxedo 12.1.1.0"
},
{
"model": "jd edwards products",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of jd edwards world security a9.4"
},
{
"model": "peoplesoft products",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of peoplesoft enterprise peopletools 8.53"
},
{
"model": "peoplesoft products",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of peoplesoft enterprise peopletools 8.54"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle agile engineering data management 6.1.2.2"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle agile engineering data management 6.1.3.0"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle agile engineering data management 6.2.0.0"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle transportation management 6.1"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle transportation management 6.2"
},
{
"model": "switch",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "es1-24 1.3.1.13"
},
{
"model": "sun blade 6000 ethernet switched nem 24p 10ge",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "1.2.2.13"
},
{
"model": "sun network 10ge switch 72p",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "1.2.2.15"
},
{
"model": "capssuite",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.0 to v4.0 manager component"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver8.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series intersecvm/sg v1.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v4.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series sg3600lm/lg/lj v6.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series univerge sg3000lg/lj"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "hs series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "nv7400/nv5400/nv3400 series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "nv7500/nv5500/nv3500 series"
},
{
"model": "ix2000 series",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "ix3000 series",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.0"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.01"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.02"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.2 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v4.2 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "uddi registry v1.1 to v7.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v7.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v7.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v7.1 to v8.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v7.1 to v8.1"
},
{
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.4 to v9.2"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v9.1"
},
{
"model": "webotx sip application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v7.1 to v8.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator ver3.1.0.x to ver4.1.0.x"
},
{
"model": "junos 12.1x46-d25",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "opus 10g ethernet switch family",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "2.0.0.6"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.3"
},
{
"model": "security network controller 1.0.3361m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "registered envelope service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "junos 12.1x44-d33",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "junos 12.1x47-d25",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.4"
},
{
"model": "worklight foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.20"
},
{
"model": "junos 13.3r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.35"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1209"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.4"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "netinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.2.2"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14"
},
{
"model": "rational automation framework ifix5",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "junos 12.1x44-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3361"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "hp-ux b.11.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.13-34"
},
{
"model": "junos 12.1x44-d51",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "worklight foundation enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.20"
},
{
"model": "agent for openflow",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x44-d34",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.3r6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "imc products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "digital media players series 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "junos 12.1x47-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.16-37"
},
{
"model": "digital media players 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos 12.1x44-d50",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.1r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.11"
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "junos 12.3x48-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4-23"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.25-57"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.18-43"
},
{
"model": "telepresence conductor xc4.0",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.16"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "ethernet switch es2-64",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.0.6"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.15"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.913"
},
{
"model": "junos 12.3x48-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aspera enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "junos d30",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.0"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.11-28"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "ethernet switch es2-72",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.0.6"
},
{
"model": "junos 15.1r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.36"
},
{
"model": "security network controller 1.0.3350m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "junos 14.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5.1"
},
{
"model": "junos 14.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "ethernet switch es2-64",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.34"
},
{
"model": "digital media players 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "jd edwards world security a9.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "junos 13.3r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60000"
},
{
"model": "packet tracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "registered envelope service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4.1"
},
{
"model": "aspera orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "junos 12.3r6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "ethernet switch es2-72",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "partner supporting service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "oss support tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9.15.9.8"
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.15-36"
},
{
"model": "junos 12.1x44-d55",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d40",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos 12.1x44-d30.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 15.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller 1.0.3379m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "packet tracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "junos d20",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "comware products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "50"
},
{
"model": "prime network services controller 3.4.1c",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.1"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.0"
},
{
"model": "hp-ux b.11.11.16.09",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1768"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "webex messenger service ep1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.9.9"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.15"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2919"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "hp-ux b.11.11.13.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 14.1r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "comware products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "70"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.13"
},
{
"model": "10.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "hp-ux b.11.23.1.007",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.5.0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "prime security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.4.2-4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.29-9"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "industrial router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9100"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "security network controller 1.0.3352m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security manager sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.8"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "rational tau interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "local collector appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.10"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "project openssl 1.0.1n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 13.2x51-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "junos 14.2r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "digital media players",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos d10",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 12.1x46-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "hp-ux b.11.11.02.008",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 12.1x44-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2.0"
},
{
"model": "prime network services controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "aspera point to point",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "webex messenger service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x46-d55",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "netinsight",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.14"
},
{
"model": "junos 12.1x47-d11",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos 12.3r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3r7",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "esight network v300r003c10spc201",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "socialminer",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5.1"
},
{
"model": "junos 14.2r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "aspera faspex application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.2"
},
{
"model": "asa cx and cisco prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 13.2x51-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos 12.1x47-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "model d9485 davic qpsk",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "junos d35",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "vcx products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "junos 12.1x47-d45",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "nexus series fex",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "20000"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1.0"
},
{
"model": "security network controller 1.0.3381m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.3"
},
{
"model": "junos 12.1x44-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "rational tau interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "digital media players series 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "junos 12.1x46-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "hp-ux b.11.11.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.18-49"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "virtual security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "puredata system for analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "industrial router 1.2.1rb3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "910"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.13-41"
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.31"
},
{
"model": "hp-ux b.11.23.07.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "netezza host management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7.0"
},
{
"model": "unified attendant console standard",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.2d",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "junos 12.3x48-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3381"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9-34"
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43000"
},
{
"model": "security proventia network active bypass 0343c3c",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "junos 12.1x46-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "junos 12.3r11",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aspera proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.2"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "junos 13.3r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "esight network v300r003c10spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x47"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "junos 15.1x49-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3376"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.18-42"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "junos 14.1r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.4"
},
{
"model": "aspera enterprise server client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "worklight foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "aspera ondemand",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.4"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "junos 12.3r9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1876"
},
{
"model": "digital media players series 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "connected analytics for collaboration",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud service automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.5"
},
{
"model": "junos 12.1x44-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "worklight foundation enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "hp-ux b.11.11.14.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "webex node for mcs",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x44-d35.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "junos 12.3x48-d30",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.2c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.32"
},
{
"model": "virtual security gateway for microsoft hyper-v",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2.2.13"
},
{
"model": "services analytic platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "switch es1-24",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3.1.3"
},
{
"model": "security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.9"
},
{
"model": "security network controller 1.0.3376m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3379"
},
{
"model": "junos 13.2x51-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.2b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "junos 12.1x46-d36",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "hp-ux b.11.11.15.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "emergency responder",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "junos 15.1x49-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.2r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "model d9485 davic qpsk",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.19"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.1"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.33"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.6.0"
},
{
"model": "junos 12.1x46-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sun network 10ge switch 72p",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.2.15"
},
{
"model": "junos 12.1x47-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d32",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.3r10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "digital media players series 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "junos 12.1x44-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "75652"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-298"
},
{
"db": "NVD",
"id": "CVE-2015-1793"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:jd_edwards_enterpriseone_tools",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:enterprise_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:opus_10g_ethernet_switch_family",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:jd_edwards_products",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:peoplesoft_products",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:supply_chain_products_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:switch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sun_blade_6000_ethernet_switched_nem24p_10ge",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sun_network_10gbe_switch_72p",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:capssuite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:enterprise_directoryserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:express5800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:istorage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ix2000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ix3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:secureware_pki_application_development_kit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_sip_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Langley of Google and David Benjamin of BoringSSL.",
"sources": [
{
"db": "BID",
"id": "75652"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1793",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-1793",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-79754",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-81961",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2015-1793",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1793",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-1793",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-298",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79754",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81961",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-1793",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79754"
},
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-1793"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-298"
},
{
"db": "NVD",
"id": "CVE-2015-1793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. OpenSSL Contains a certificate chain validation flaw. 2015 Year 7 Moon 9 Day, OpenSSL Project Than OpenSSL Security Advisory [9 Jul 2015] Has been published. OpenSSL Security Advisory [9 Jul 2015] https://www.openssl.org/news/secadv_20150709.txt According to the advisory, the following vulnerabilities have been fixed: OpenSSL 1.0.2d , 1.0.1p Has been released. Severity \u2212 High (Severity: High) \uff65 Alternative chains certificate forgery (CVE-2015-1793) OpenSSL Tries to build an alternative certificate chain if the certificate validation fails to build the first certificate chain, but there is a flaw in the implementation of this process. As a result, for example CA Flag FALSE A certificate issued using a certificate that is considered to be trusted is not detected as being invalid. CA May be treated as a certificate issued by.Man-in-the-middle attacks (man-in-the-middle attack) By HTTPS The contents of the communication may be viewed or altered. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. \nOpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a security vulnerability in the TLS protocol 1.2 and earlier versions. The vulnerability comes from that when the server enables the DHE_EXPORT cipher suite, the program does not pass the DHE_EXPORT option correctly. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and cipher-downgrade attacks by rewriting ClientHello (use DHE_EXPORT instead of DHE) and then rewrite ServerHello (use DHE instead of DHE_EXPORT). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04760669\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04760669\nVersion: 1\n\nHPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \nCVE-2015-1788: Malformed ECParameters causes infinite loop. \nCVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time. \nCVE-2015-1790: PKCS7 crash with missing EnvelopedContent\nCVE-2015-1791: Race condition handling NewSessionTicket\nCVE-2015-1792: CMS verify infinite loop with unknown hash function\nCVE-2015-1793: Alternative Chain Certificate Forgery. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2\nL90AnAgGXxSCZgBVzDQCAezbHbrHPwtg\n=74KM\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1p-i486-1_slack14.1.txz: Upgraded. \n This update fixes the following security issue:\n Alternative chains certificate forgery (CVE-2015-1793). \n This issue will impact any application that verifies certificates including\n SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. \n This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David\n Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1p-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1p-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1p-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1p-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1p-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1p-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1p-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1p-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1p-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1p-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\na77913257d9e4d9f0b143e7c2bf829d3 openssl-1.0.1p-i486-1_slack14.0.txz\n9d778b2df5c01be05c5133d3c420a216 openssl-solibs-1.0.1p-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n1423b29d8621434363fcd92480544d19 openssl-1.0.1p-x86_64-1_slack14.0.txz\ne510fd37b65ab9b585f505c3b8925755 openssl-solibs-1.0.1p-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n483c52a8f52243486db12c6a85e59ad3 openssl-1.0.1p-i486-1_slack14.1.txz\na2704397b9eabd509336dedfe1b51ff3 openssl-solibs-1.0.1p-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n2a4b0b930a7513a24a719f9996c3cd5d openssl-1.0.1p-x86_64-1_slack14.1.txz\n3414a0e114c93ac4352938f182df5180 openssl-solibs-1.0.1p-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\na867679d8f4a29a7b206930840d8c92f a/openssl-solibs-1.0.1p-i586-1.txz\n1e28db3e77d547ef338c7116cf8d415f n/openssl-1.0.1p-i586-1.txz\n\nSlackware x86_64 -current packages:\nf53454dd43f9d3206db58b9cd8b4e53e a/openssl-solibs-1.0.1p-x86_64-1.txz\n4433713b6723a0715dc60d1254ee2ca3 n/openssl-1.0.1p-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1p-i486-1_slack14.1.txz openssl-solibs-1.0.1p-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. The\nvulnerabilities could be exploited remotely resulting in Denial of Service\n(DoS) or unauthorized access. \n\nReferences:\n\n - CVE-2014-8176 - Remote Denial of Service (DoS)\n - CVE-2015-1788 - Remote Denial of Service (DoS)\n - CVE-2015-1789 - Remote Denial of Service (DoS)\n - CVE-2015-1790 - Remote Denial of Service (DoS)\n - CVE-2015-1791 - Remote Denial of Service (DoS)\n - CVE-2015-1792 - Remote Denial of Service (DoS)\n - CVE-2015-1793 - Remote Unauthorized Access\n - PSRT110158, SSRT102264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\n**COMWARE 5 Products**\n\n + **A6600 (Comware 5) - Version: R3303P23**\n * HP Network Products\n - JC165A HP 6600 RPE-X1 Router Module\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **HSR6602 (Comware 5) - Version: R3303P23**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 (Comware 5) - Version: R3303P23**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **MSR20 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD432A HP A-MSR20-21 Router\n - JD662A HP MSR20-20 Router\n - JD663A HP A-MSR20-21 Router\n - JD663B HP MSR20-21 Router\n - JD664A HP MSR20-40 Router\n - JF228A HP MSR20-40 Router\n - JF283A HP MSR20-20 Router\n + **MSR20-1X (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD431A HP MSR20-10 Router\n - JD667A HP MSR20-15 IW Multi-Service Router\n - JD668A HP MSR20-13 Multi-Service Router\n - JD669A HP MSR20-13 W Multi-Service Router\n - JD670A HP MSR20-15 A Multi-Service Router\n - JD671A HP MSR20-15 AW Multi-Service Router\n - JD672A HP MSR20-15 I Multi-Service Router\n - JD673A HP MSR20-11 Multi-Service Router\n - JD674A HP MSR20-12 Multi-Service Router\n - JD675A HP MSR20-12 W Multi-Service Router\n - JD676A HP MSR20-12 T1 Multi-Service Router\n - JF236A HP MSR20-15-I Router\n - JF237A HP MSR20-15-A Router\n - JF238A HP MSR20-15-I-W Router\n - JF239A HP MSR20-11 Router\n - JF240A HP MSR20-13 Router\n - JF241A HP MSR20-12 Router\n - JF806A HP MSR20-12-T Router\n - JF807A HP MSR20-12-W Router\n - JF808A HP MSR20-13-W Router\n - JF809A HP MSR20-15-A-W Router\n - JF817A HP MSR20-15 Router\n - JG209A HP MSR20-12-T-W Router (NA)\n - JG210A HP MSR20-13-W Router (NA)\n + **MSR 30 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD654A HP MSR30-60 POE Multi-Service Router\n - JD657A HP MSR30-40 Multi-Service Router\n - JD658A HP MSR30-60 Multi-Service Router\n - JD660A HP MSR30-20 POE Multi-Service Router\n - JD661A HP MSR30-40 POE Multi-Service Router\n - JD666A HP MSR30-20 Multi-Service Router\n - JF229A HP MSR30-40 Router\n - JF230A HP MSR30-60 Router\n - JF232A HP RTMSR3040-AC-OVSAS-H3\n - JF235A HP MSR30-20 DC Router\n - JF284A HP MSR30-20 Router\n - JF287A HP MSR30-40 DC Router\n - JF801A HP MSR30-60 DC Router\n - JF802A HP MSR30-20 PoE Router\n - JF803A HP MSR30-40 PoE Router\n - JF804A HP MSR30-60 PoE Router\n - JG728A HP MSR30-20 TAA-compliant DC Router\n - JG729A HP MSR30-20 TAA-compliant Router\n + **MSR 30-16 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD659A HP MSR30-16 POE Multi-Service Router\n - JD665A HP MSR30-16 Multi-Service Router\n - JF233A HP MSR30-16 Router\n - JF234A HP MSR30-16 PoE Router\n + **MSR 30-1X (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JF800A HP MSR30-11 Router\n - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n - JG182A HP MSR30-11E Router\n - JG183A HP MSR30-11F Router\n - JG184A HP MSR30-10 DC Router\n + **MSR 50 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD433A HP MSR50-40 Router\n - JD653A HP MSR50 Processor Module\n - JD655A HP MSR50-40 Multi-Service Router\n - JD656A HP MSR50-60 Multi-Service Router\n - JF231A HP MSR50-60 Router\n - JF285A HP MSR50-40 DC Router\n - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n + **MSR 50-G2 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD429A HP MSR50 G2 Processor Module\n - JD429B HP MSR50 G2 Processor Module\n + **MSR 9XX (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JF812A HP MSR900 Router\n - JF813A HP MSR920 Router\n - JF814A HP MSR900-W Router\n - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n - JG207A HP MSR900-W Router (NA)\n - JG208A HP MSR920-W Router (NA)\n + **MSR 93X (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JG511A HP MSR930 Router\n - JG511B HP MSR930 Router\n - JG512A HP MSR930 Wireless Router\n - JG513A HP MSR930 3G Router\n - JG513B HP MSR930 3G Router\n - JG514A HP MSR931 Router\n - JG514B HP MSR931 Router\n - JG515A HP MSR931 3G Router\n - JG516A HP MSR933 Router\n - JG517A HP MSR933 3G Router\n - JG518A HP MSR935 Router\n - JG518B HP MSR935 Router\n - JG519A HP MSR935 Wireless Router\n - JG520A HP MSR935 3G Router\n - JG531A HP MSR931 Dual 3G Router\n - JG531B HP MSR931 Dual 3G Router\n - JG596A HP MSR930 4G LTE/3G CDMA Router\n - JG597A HP MSR936 Wireless Router\n - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n - JH009A HP MSR931 Serial (TI) Router\n - JH010A HP MSR933 G.SHDSL (TI) Router\n - JH011A HP MSR935 ADSL2+ (TI) Router\n - JH012A HP MSR930 Wireless 802.11n (NA) Router\n - JH012B HP MSR930 Wireless 802.11n (NA) Router\n - JH013A HP MSR935 Wireless 802.11n (NA) Router\n + **MSR1000 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JG732A HP MSR1003-8 AC Router\n + **12500 (Comware 5) - Version: R1829P01**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JC808A HP 12500 TAA Main Processing Unit\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n + **9500E (Comware 5) - Version: R1829P01**\n * HP Network Products\n - JC124A HP A9508 Switch Chassis\n - JC124B HP 9505 Switch Chassis\n - JC125A HP A9512 Switch Chassis\n - JC125B HP 9512 Switch Chassis\n - JC474A HP A9508-V Switch Chassis\n - JC474B HP 9508-V Switch Chassis\n + **10500 (Comware 5) - Version: R1210P01**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC614A HP 10500 Main Processing Unit\n - JC748A HP 10512 Switch Chassis\n - JG375A HP 10500 TAA-compliant Main Processing Unit\n - JG820A HP 10504 TAA-compliant Switch Chassis\n - JG821A HP 10508 TAA-compliant Switch Chassis\n - JG822A HP 10508-V TAA-compliant Switch Chassis\n - JG823A HP 10512 TAA-compliant Switch Chassis\n + **7500 (Comware 5) - Version: R6710P01**\n * HP Network Products\n - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n - JC697A HP 7502 TAA-compliant Main Processing Unit\n - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD194A HP 7500 384Gbps Fabric Module\n - JD194B HP 7500 384Gbps Fabric Module\n - JD195A HP 7500 384Gbps Advanced Fabric Module\n - JD196A HP 7502 Fabric Module\n - JD220A HP 7500 768Gbps Fabric Module\n - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n - JD238A HP 7510 Switch Chassis\n - JD238B HP 7510 Switch Chassis\n - JD239A HP 7506 Switch Chassis\n - JD239B HP 7506 Switch Chassis\n - JD240A HP 7503 Switch Chassis\n - JD240B HP 7503 Switch Chassis\n - JD241A HP 7506-V Switch Chassis\n - JD241B HP 7506-V Switch Chassis\n - JD242A HP 7502 Switch Chassis\n - JD242B HP 7502 Switch Chassis\n - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n - JE164A HP E7902 Switch Chassis\n - JE165A HP E7903 Switch Chassis\n - JE166A HP E7903 1 Fabric Slot Switch Chassis\n - JE167A HP E7906 Switch Chassis\n - JE168A HP E7906 Vertical Switch Chassis\n - JE169A HP E7910 Switch Chassis\n + **5830 (Comware 5) - Version: R1118P13**\n * HP Network Products\n - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n - JC694A HP 5830AF-96G Switch\n - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n - JG374A HP 5830AF-96G TAA-compliant Switch\n + **5800 (Comware 5) - Version: R1809P11**\n * HP Network Products\n - JC099A HP 5800-24G-PoE Switch\n - JC099B HP 5800-24G-PoE+ Switch\n - JC100A HP 5800-24G Switch\n - JC100B HP 5800-24G Switch\n - JC101A HP 5800-48G Switch with 2 Slots\n - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n - JC103A HP 5800-24G-SFP Switch\n - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n - JC104A HP 5800-48G-PoE Switch\n - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n - JC105A HP 5800-48G Switch\n - JC105B HP 5800-48G Switch with 1 Interface Slot\n - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n - JG255A HP 5800-24G TAA-compliant Switch\n - JG255B HP 5800-24G TAA-compliant Switch\n - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG225A HP 5800AF-48G Switch\n - JG225B HP 5800AF-48G Switch\n - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n - JG219A HP 5820AF-24XG Switch\n - JG219B HP 5820AF-24XG Switch\n - JC102A HP 5820-24XG-SFP+ Switch\n - JC102B HP 5820-24XG-SFP+ Switch\n + **5500 HI (Comware 5) - Version: R5501P17**\n * HP Network Products\n - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n + **5500 EI (Comware 5) - Version: R2221P19**\n * HP Network Products\n - JD373A HP 5500-24G DC EI Switch\n - JD374A HP 5500-24G-SFP EI Switch\n - JD375A HP 5500-48G EI Switch\n - JD376A HP 5500-48G-PoE EI Switch\n - JD377A HP 5500-24G EI Switch\n - JD378A HP 5500-24G-PoE EI Switch\n - JD379A HP 5500-24G-SFP DC EI Switch\n - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n + **4800G (Comware 5) - Version: R2221P19**\n * HP Network Products\n - JD007A HP 4800-24G Switch\n - JD008A HP 4800-24G-PoE Switch\n - JD009A HP 4800-24G-SFP Switch\n - JD010A HP 4800-48G Switch\n - JD011A HP 4800-48G-PoE Switch\n + **5500SI (Comware 5) - Version: R2221P20**\n * HP Network Products\n - JD369A HP 5500-24G SI Switch\n - JD370A HP 5500-48G SI Switch\n - JD371A HP 5500-24G-PoE SI Switch\n - JD372A HP 5500-48G-PoE SI Switch\n - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n + **4500G (Comware 5) - Version: R2221P20**\n * HP Network Products\n - JF428A HP 4510-48G Switch\n - JF847A HP 4510-24G Switch\n + **5120 EI (Comware 5) - Version: R2221P20**\n * HP Network Products\n - JE066A HP 5120-24G EI Switch\n - JE067A HP 5120-48G EI Switch\n - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n - JE070A HP 5120-24G-PoE EI 2-slot Switch\n - JE071A HP 5120-48G-PoE EI 2-slot Switch\n - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n + **4210G (Comware 5) - Version: R2221P20**\n * HP Network Products\n - JF844A HP 4210-24G Switch\n - JF845A HP 4210-48G Switch\n - JF846A HP 4210-24G-PoE Switch\n + **5120 SI (Comware 5) - Version: R1516**\n * HP Network Products\n - JE072A HP 5120-48G SI Switch\n - JE072B HPE 5120 48G SI Switch\n - JE073A HP 5120-16G SI Switch\n - JE073B HPE 5120 16G SI Switch\n - JE074A HP 5120-24G SI Switch\n - JE074B HPE 5120 24G SI Switch\n - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n + **3610 (Comware 5) - Version: R5319P14**\n * HP Network Products\n - JD335A HP 3610-48 Switch\n - JD336A HP 3610-24-4G-SFP Switch\n - JD337A HP 3610-24-2G-2G-SFP Switch\n - JD338A HP 3610-24-SFP Switch\n + **3600V2 (Comware 5) - Version: R2110P06**\n * HP Network Products\n - JG299A HP 3600-24 v2 EI Switch\n - JG299B HP 3600-24 v2 EI Switch\n - JG300A HP 3600-48 v2 EI Switch\n - JG300B HP 3600-48 v2 EI Switch\n - JG301A HP 3600-24-PoE+ v2 EI Switch\n - JG301B HP 3600-24-PoE+ v2 EI Switch\n - JG301C HP 3600-24-PoE+ v2 EI Switch\n - JG302A HP 3600-48-PoE+ v2 EI Switch\n - JG302B HP 3600-48-PoE+ v2 EI Switch\n - JG302C HP 3600-48-PoE+ v2 EI Switch\n - JG303A HP 3600-24-SFP v2 EI Switch\n - JG303B HP 3600-24-SFP v2 EI Switch\n - JG304A HP 3600-24 v2 SI Switch\n - JG304B HP 3600-24 v2 SI Switch\n - JG305A HP 3600-48 v2 SI Switch\n - JG305B HP 3600-48 v2 SI Switch\n - JG306A HP 3600-24-PoE+ v2 SI Switch\n - JG306B HP 3600-24-PoE+ v2 SI Switch\n - JG306C HP 3600-24-PoE+ v2 SI Switch\n - JG307A HP 3600-48-PoE+ v2 SI Switch\n - JG307B HP 3600-48-PoE+ v2 SI Switch\n - JG307C HP 3600-48-PoE+ v2 SI Switch\n + **3100V2-48 (Comware 5) - Version: R2110P06**\n * HP Network Products\n - JG315A HP 3100-48 v2 Switch\n - JG315B HP 3100-48 v2 Switch\n + **HP870 (Comware 5) - Version: R2607P46**\n * HP Network Products\n - JG723A HP 870 Unified Wired-WLAN Appliance\n - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n + **HP850 (Comware 5) - Version: R2607P46**\n * HP Network Products\n - JG722A HP 850 Unified Wired-WLAN Appliance\n - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n + **HP830 (Comware 5) - Version: R3507P46**\n * HP Network Products\n - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n + **HP6000 (Comware 5) - Version: R2507P46**\n * HP Network Products\n - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n + **WX5004-EI (Comware 5) - Version: R2507P46**\n * HP Network Products\n - JD447B HP WX5002 Access Controller\n - JD448A HP WX5004 Access Controller\n - JD448B HP WX5004 Access Controller\n - JD469A HP WX5004 Access Controller\n + **SecBlade FW (Comware 5) - Version: R3181P07**\n * HP Network Products\n - JC635A HP 12500 VPN Firewall Module\n - JD245A HP 9500 VPN Firewall Module\n - JD249A HP 10500/7500 Advanced VPN Firewall Module\n - JD250A HP 6600 Firewall Processing Router Module\n - JD251A HP 8800 Firewall Processing Module\n - JD255A HP 5820 VPN Firewall Module\n + **F1000-E (Comware 5) - Version: R3181P07**\n * HP Network Products\n - JD272A HP F1000-E VPN Firewall Appliance\n + **F1000-A-EI (Comware 5) - Version: R3734P08**\n * HP Network Products\n - JG214A HP F1000-A-EI VPN Firewall Appliance\n + **F1000-S-EI (Comware 5) - Version: R3734P08**\n * HP Network Products\n - JG213A HP F1000-S-EI VPN Firewall Appliance\n + **F5000-A (Comware 5) - Version: F3210P26**\n * HP Network Products\n - JD259A HP A5000-A5 VPN Firewall Chassis\n - JG215A HP F5000 Firewall Main Processing Unit\n - JG216A HP F5000 Firewall Standalone Chassis\n + **U200S and CS (Comware 5) - Version: F5123P33**\n * HP Network Products\n - JD273A HP U200-S UTM Appliance\n + **U200A and M (Comware 5) - Version: F5123P33**\n * HP Network Products\n - JD275A HP U200-A UTM Appliance\n + **F5000-C/S (Comware 5) - Version: R3811P05**\n * HP Network Products\n - JG650A HP F5000-C VPN Firewall Appliance\n - JG370A HP F5000-S VPN Firewall Appliance\n + **SecBlade III (Comware 5) - Version: R3820P06**\n * HP Network Products\n - JG371A HP 12500 20Gbps VPN Firewall Module\n - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JC165A) HP 6600 RPE-X1 Router Module\n - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JC176A) HP 6602 Router Chassis\n + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **SMB1910 (Comware 5) - Version: R1111**\n * HP Network Products\n - JG540A HP 1910-48 Switch\n - JG539A HP 1910-24-PoE+ Switch\n - JG538A HP 1910-24 Switch\n - JG537A HP 1910-8 -PoE+ Switch\n - JG536A HP 1910-8 Switch\n + **SMB1920 (Comware 5) - Version: R1109**\n * HP Network Products\n - JG928A HP 1920-48G-PoE+ (370W) Switch\n - JG927A HP 1920-48G Switch\n - JG926A HP 1920-24G-PoE+ (370W) Switch\n - JG925A HP 1920-24G-PoE+ (180W) Switch\n - JG924A HP 1920-24G Switch\n - JG923A HP 1920-16G Switch\n - JG922A HP 1920-8G-PoE+ (180W) Switch\n - JG921A HP 1920-8G-PoE+ (65W) Switch\n - JG920A HP 1920-8G Switch\n + **V1910 (Comware 5) - Version: R1516**\n * HP Network Products\n - JE005A HP 1910-16G Switch\n - JE006A HP 1910-24G Switch\n - JE007A HP 1910-24G-PoE (365W) Switch\n - JE008A HP 1910-24G-PoE(170W) Switch\n - JE009A HP 1910-48G Switch\n - JG348A HP 1910-8G Switch\n - JG349A HP 1910-8G-PoE+ (65W) Switch\n - JG350A HP 1910-8G-PoE+ (180W) Switch\n + **SMB 1620 (Comware 5) - Version: R1108**\n * HP Network Products\n - JG914A HP 1620-48G Switch\n - JG913A HP 1620-24G Switch\n - JG912A HP 1620-8G Switch\n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7376**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n + **10500 (Comware 7) - Version: R7170**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n + **12900 (Comware 7) - Version: R1138P01**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + **5900 (Comware 7) - Version: R2422P01**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + **MSR1000 (Comware 7) - Version: R0305P04**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + **MSR2000 (Comware 7) - Version: R0305P04**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + **MSR3000 (Comware 7) - Version: R0305P04**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + **MSR4000 (Comware 7) - Version: R0305P04**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + **VSR (Comware 7) - Version: E0321P01**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + **7900 (Comware 7) - Version: R2138P01**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + **5130 (Comware 7) - Version: R3109P16**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n + **5700 (Comware 7) - Version: R2422P01**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + **5930 (Comware 7) - Version: R2422P01**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + **HSR6600 (Comware 7) - Version: R7103P05**\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + **HSR6800 (Comware 7) - Version: R7103P05**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n + **1950 (Comware 7) - Version: R3109P16**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n + **7500 (Comware 7) - Version: R7170**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n\n**iMC Products**\n\n + **iMC Plat - Version: iMC Plat 7.1 E0303P16**\n * HP Network Products\n - JD125A HP IMC Std S/W Platform w/100-node\n - JD126A HP IMC Ent S/W Platform w/100-node\n - JD808A HP IMC Ent Platform w/100-node License\n - JD814A HP A-IMC Enterprise Edition Software DVD Media\n - JD815A HP IMC Std Platform w/100-node License\n - JD816A HP A-IMC Standard Edition Software DVD Media\n - JF288AAE HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n - JF289AAE HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n - JF377A HP IMC Std S/W Platform w/100-node Lic\n - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\n - JF378A HP IMC Ent S/W Platform w/200-node Lic\n - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\n - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU\n - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\n - JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n - JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n - JG659AAE HP IMC Smart Connect VAE E-LTU\n - JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\n - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\n - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n - JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\n - JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n + **iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)**\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n + **iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)**\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n + **iMC NSM - Version: iMC WSM 7.1 E0303P10**\n * HP Network Products\n - JD456A HP IMC WSM Software Module with 50-Access Point License\n - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n + **VCX - Version: 9.8.18**\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 5 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1p\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-1793\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1793\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201507-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150709.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1793"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"db": "BID",
"id": "75652"
},
{
"db": "VULHUB",
"id": "VHN-79754"
},
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-1793"
},
{
"db": "PACKETSTORM",
"id": "132973"
},
{
"db": "PACKETSTORM",
"id": "132634"
},
{
"db": "PACKETSTORM",
"id": "137772"
},
{
"db": "PACKETSTORM",
"id": "132642"
},
{
"db": "PACKETSTORM",
"id": "132625"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-79754",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-81961",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38640",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79754"
},
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-1793"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1793",
"trust": 3.5
},
{
"db": "JUNIPER",
"id": "JSA10694",
"trust": 1.5
},
{
"db": "BID",
"id": "75652",
"trust": 1.5
},
{
"db": "BID",
"id": "91787",
"trust": 1.3
},
{
"db": "EXPLOIT-DB",
"id": "38640",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1032817",
"trust": 1.2
},
{
"db": "MCAFEE",
"id": "SB10125",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU99160787",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-298",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "132625",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132642",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132634",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "133793",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132843",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134250",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132646",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-79754",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032864",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033341",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032777",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032727",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032871",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032475",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032783",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032653",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032702",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033222",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032865",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033065",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033208",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033019",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033991",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032759",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1040630",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032910",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033067",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032637",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033064",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032654",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032656",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1034087",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032932",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033385",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032652",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032688",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032699",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032649",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032960",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032647",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032474",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033210",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032778",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033416",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033891",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032884",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032651",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033760",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033433",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032476",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032784",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1036218",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032856",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033430",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1034884",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032655",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032650",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032648",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033513",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1033209",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1032645",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1034728",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132413",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132649",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132586",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132164",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132610",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135506",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136247",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137744",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132465",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133338",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132468",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134232",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134902",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133324",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136975",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134755",
"trust": 0.1
},
{
"db": "JUNIPER",
"id": "JSA10681",
"trust": 0.1
},
{
"db": "JUNIPER",
"id": "JSA10727",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201505-428",
"trust": 0.1
},
{
"db": "BID",
"id": "74733",
"trust": 0.1
},
{
"db": "MCAFEE",
"id": "SB10122",
"trust": 0.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/05/20/8",
"trust": 0.1
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-81961",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-1793",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137772",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79754"
},
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-1793"
},
{
"db": "BID",
"id": "75652"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"db": "PACKETSTORM",
"id": "132973"
},
{
"db": "PACKETSTORM",
"id": "132634"
},
{
"db": "PACKETSTORM",
"id": "137772"
},
{
"db": "PACKETSTORM",
"id": "132642"
},
{
"db": "PACKETSTORM",
"id": "132625"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-298"
},
{
"db": "NVD",
"id": "CVE-2015-1793"
}
]
},
"id": "VAR-201507-0348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-79754"
},
{
"db": "VULHUB",
"id": "VHN-81961"
}
],
"trust": 0.75852813
},
"last_update_date": "2024-09-19T21:44:48.438000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20150710-openssl",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl"
},
{
"title": "Fix alternate chains certificate forgery issue",
"trust": 0.8,
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
},
{
"title": "Add test for CVE-2015-1793",
"trust": 0.8,
"url": "https://github.com/openssl/openssl/commit/f404943bcab4898d18f3ac1b36479d1d7bbbb9e6"
},
{
"title": "HPSBUX03388",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
},
{
"title": "HPSBGN03424",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2"
},
{
"title": "HPSBHF03613",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
"title": "HPSBMU03546",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"title": "NV15-010",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
},
{
"title": "OpenSSL Security Advisory [9 Jul 2015]",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv_20150709.txt"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
},
{
"title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
},
{
"title": "Oracle Solaris Third Party Bulletin - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"title": "January 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
},
{
"title": "October 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
},
{
"title": "April 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
},
{
"title": "October 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "JSA10694",
"trust": 0.8,
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
},
{
"title": "cisco-sa-20150710-openssl",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/113/1130/1130208_cisco-sa-20150710-openssl-j.html"
},
{
"title": "openssl-1.0.2d",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56655"
},
{
"title": "openssl-1.0.1p",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56654"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
},
{
"title": "Amazon Linux AMI: ALAS-2015-564",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-564"
},
{
"title": "Red Hat: CVE-2015-1793",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-1793"
},
{
"title": "Symantec Security Advisories: SA101 : OpenSSL Security Advisory 09-July-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=bb24cf23a4d911e95562099e0e8d0f2d"
},
{
"title": "Tenable Security Advisories: [R5] OpenSSL \u002720150709\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-08"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2015-4000 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2015-1788 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1793"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-298"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79754"
},
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"db": "NVD",
"id": "CVE-2015-1793"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://openssl.org/news/secadv_20150709.txt"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.5,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150710-openssl"
},
{
"trust": 1.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.4,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/75652"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.3,
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.3,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
},
{
"trust": 1.3,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.3,
"url": "https://www.exploit-db.com/exploits/38640/"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201507-15"
},
{
"trust": 1.3,
"url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
},
{
"trust": 1.2,
"url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.2,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm"
},
{
"trust": 1.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04822825"
},
{
"trust": 1.2,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-july/161747.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-july/161782.html"
},
{
"trust": 1.2,
"url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:12.openssl.asc"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032817"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10125"
},
{
"trust": 1.1,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1793"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99160787/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1793"
},
{
"trust": 0.8,
"url": "https://cryptanalysis.eu/blog/2015/07/09/bypassing-certificate-checks-in-openssl-1-0-2c-cve-2015-1793/"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
},
{
"trust": 0.4,
"url": "https://www.openssl.org/news/secadv_20150709.txt"
},
{
"trust": 0.3,
"url": "https://mta.openssl.org/pipermail/openssl-announce/2015-july/000037.html"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/entries/94843988-security-bulletin-openssl-,-tls-vulnerabilities-logjam-cve-2015-4000"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/aug/13"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04822825"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454058.htm"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964231"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21965399"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962398"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962929"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963448"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html#2015-1793"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965725"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965807"
},
{
"trust": 0.2,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10694"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10125"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144370846326989\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2015\u0026amp;m=slackware-security.561427"
},
{
"trust": 0.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"trust": 0.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/74733"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 0.1,
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04876402"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04949778"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10681"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10727"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht204941"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 0.1,
"url": "http://support.citrix.com/article/ctx201114"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"trust": 0.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"trust": 0.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"trust": 0.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"trust": 0.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"trust": 0.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"trust": 0.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"trust": 0.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"trust": 0.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"trust": 0.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"trust": 0.1,
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 0.1,
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm"
},
{
"trust": 0.1,
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"trust": 0.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"trust": 0.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.1_release_notes"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04770140"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04772190"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773119"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04832246"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04918839"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04923929"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04926789"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04740527"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04953655"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128722"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05193083"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10122"
},
{
"trust": 0.1,
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"trust": 0.1,
"url": "https://puppet.com/security/cve/cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"trust": 0.1,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03831en_us"
},
{
"trust": 0.1,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"trust": 0.1,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098403"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"trust": 0.1,
"url": "https://www.suse.com/security/cve/cve-2015-4000.html"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"trust": 0.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159351.html"
},
{
"trust": 0.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159314.html"
},
{
"trust": 0.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160117.html"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143557934009303\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143628304012255\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143558092609708\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143655800220052\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144060576831314\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144069189622016\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144050121701297\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144060606031437\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144102017024820\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144061542602287\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145409266329539\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144043644216842\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143506486712441\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144104533800819\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143637549705650\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144493176821532\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04718196"
},
{
"trust": 0.1,
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"trust": 0.1,
"url": "https://weakdh.org/"
},
{
"trust": 0.1,
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"trust": 0.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 0.1,
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1072.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1185.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1228.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1229.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1230.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1241.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1242.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1243.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1485.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1486.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1488.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1526.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1544.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1604.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1624.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032474"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032475"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032476"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032637"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032645"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032647"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032648"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032649"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032650"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032651"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032652"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032653"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032654"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032655"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032656"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032688"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032699"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032702"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032727"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032759"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032777"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032778"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032783"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032784"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032856"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032864"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032865"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032871"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032884"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032910"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032932"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1032960"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033019"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033064"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033065"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033067"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033208"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033209"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033210"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033222"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033341"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033385"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033416"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033430"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033433"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033513"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033760"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033891"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1033991"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1034087"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1034728"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1034884"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1036218"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1040630"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2656-1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2656-2"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2673-1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2696-1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2706-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/254.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1793"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/releasestrat.html),"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/secpolicy.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79754"
},
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-1793"
},
{
"db": "BID",
"id": "75652"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"db": "PACKETSTORM",
"id": "132973"
},
{
"db": "PACKETSTORM",
"id": "132634"
},
{
"db": "PACKETSTORM",
"id": "137772"
},
{
"db": "PACKETSTORM",
"id": "132642"
},
{
"db": "PACKETSTORM",
"id": "132625"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-298"
},
{
"db": "NVD",
"id": "CVE-2015-1793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-79754"
},
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-1793"
},
{
"db": "BID",
"id": "75652"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"db": "PACKETSTORM",
"id": "132973"
},
{
"db": "PACKETSTORM",
"id": "132634"
},
{
"db": "PACKETSTORM",
"id": "137772"
},
{
"db": "PACKETSTORM",
"id": "132642"
},
{
"db": "PACKETSTORM",
"id": "132625"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-298"
},
{
"db": "NVD",
"id": "CVE-2015-1793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-09T00:00:00",
"db": "VULHUB",
"id": "VHN-79754"
},
{
"date": "2015-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-81961"
},
{
"date": "2015-07-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1793"
},
{
"date": "2015-07-09T00:00:00",
"db": "BID",
"id": "75652"
},
{
"date": "2015-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"date": "2015-08-06T10:10:00",
"db": "PACKETSTORM",
"id": "132973"
},
{
"date": "2015-07-10T15:42:50",
"db": "PACKETSTORM",
"id": "132634"
},
{
"date": "2016-07-05T18:18:00",
"db": "PACKETSTORM",
"id": "137772"
},
{
"date": "2015-07-10T15:43:49",
"db": "PACKETSTORM",
"id": "132642"
},
{
"date": "2015-07-09T23:03:33",
"db": "PACKETSTORM",
"id": "132625"
},
{
"date": "2015-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-298"
},
{
"date": "2015-07-09T19:17:00.093000",
"db": "NVD",
"id": "CVE-2015-1793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-79754"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-81961"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1793"
},
{
"date": "2016-10-26T05:10:00",
"db": "BID",
"id": "75652"
},
{
"date": "2016-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003487"
},
{
"date": "2015-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-298"
},
{
"date": "2023-11-07T02:24:55.670000",
"db": "NVD",
"id": "CVE-2015-1793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-298"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Vulnerabilities in certificate chain validation failure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003487"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "75652"
}
],
"trust": 0.3
}
}
var-202109-1790
Vulnerability from variot
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line orCURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. Description:
Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1912487 - CVE-2020-26247 rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema
- JIRA issues fixed (https://issues.jboss.org/):
THREESCALE-6868 - [3scale][2.11][LO-prio] Improve select default Application plan THREESCALE-6879 - [3scale][2.11][HI-prio] Add 'Create new Application' flow to Product > Applications index THREESCALE-7030 - Address scalability in 'Create new Application' form THREESCALE-7203 - Fix Zync resync command in 5.6.9. Creating equivalent Zync routes THREESCALE-7475 - Some api calls result in "Destroying user session" THREESCALE-7488 - Ability to add external Lua dependencies for custom policies THREESCALE-7573 - Enable proxy environment variables via the APICAST CRD THREESCALE-7605 - type change of "policies_config" in /admin/api/services/{service_id}/proxy.json THREESCALE-7633 - Signup form in developer portal is disabled for users authenticted via external SSO THREESCALE-7644 - Metrics: Service for 3scale operator is missing THREESCALE-7646 - Cleanup/refactor Products and Backends index logic THREESCALE-7648 - Remove "#context-menu" from the url THREESCALE-7704 - Images based on RHEL 7 should contain at least ca-certificates-2021.2.50-72.el7_9.noarch.rpm THREESCALE-7731 - Reenable operator metrics service for apicast-operator THREESCALE-7761 - 3scale Operator doesn't respect *_proxy env vars THREESCALE-7765 - Remove MessageBus from System THREESCALE-7834 - admin can't create application when developer is not allowed to pick a plan THREESCALE-7863 - Update some Obsolete API's in 3scale_v2.js THREESCALE-7884 - Service top application endpoint is not working properly THREESCALE-7912 - ServiceMonitor created by monitoring showing HTTP 400 error THREESCALE-7913 - ServiceMonitor for 3scale operator has wide selector
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary:
An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)
-
curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)
-
curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. ========================================================================== Ubuntu Security Notice USN-5079-3 September 21, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
USN-5079-1 introduced a regression in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.16 libcurl3-gnutls 7.58.0-2ubuntu3.16 libcurl3-nss 7.58.0-2ubuntu3.16 libcurl4 7.58.0-2ubuntu3.16
In general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 2016256 - Release of OpenShift Serverless Eventing 1.19.0 2016258 - Release of OpenShift Serverless Serving 1.19.0
- Description:
Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1790",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.3"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.26"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.20.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.11.0"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.79.0"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.35"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.1"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22946"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165337"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "164740"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "168011"
}
],
"trust": 0.5
},
"cve": "CVE-2021-22946",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22946",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-381420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22946",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22946",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381420",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381420"
},
{
"db": "NVD",
"id": "CVE-2021-22946"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. \n\nThis advisory is intended to use with Container Images, for Red Hat 3scale\nAPI Management 2.11.1. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1912487 - CVE-2020-26247 rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTHREESCALE-6868 - [3scale][2.11][LO-prio] Improve select default Application plan\nTHREESCALE-6879 - [3scale][2.11][HI-prio] Add \u0027Create new Application\u0027 flow to Product \u003e Applications index\nTHREESCALE-7030 - Address scalability in \u0027Create new Application\u0027 form\nTHREESCALE-7203 - Fix Zync resync command in 5.6.9. Creating equivalent Zync routes\nTHREESCALE-7475 - Some api calls result in \"Destroying user session\"\nTHREESCALE-7488 - Ability to add external Lua dependencies for custom policies\nTHREESCALE-7573 - Enable proxy environment variables via the APICAST CRD\nTHREESCALE-7605 - type change of \"policies_config\" in /admin/api/services/{service_id}/proxy.json\nTHREESCALE-7633 - Signup form in developer portal is disabled for users authenticted via external SSO\nTHREESCALE-7644 - Metrics: Service for 3scale operator is missing\nTHREESCALE-7646 - Cleanup/refactor Products and Backends index logic\nTHREESCALE-7648 - Remove \"#context-menu\" from the url\nTHREESCALE-7704 - Images based on RHEL 7 should contain at least ca-certificates-2021.2.50-72.el7_9.noarch.rpm\nTHREESCALE-7731 - Reenable operator metrics service for apicast-operator\nTHREESCALE-7761 - 3scale Operator doesn\u0027t respect *_proxy env vars\nTHREESCALE-7765 - Remove MessageBus from System\nTHREESCALE-7834 - admin can\u0027t create application when developer is not allowed to pick a plan\nTHREESCALE-7863 - Update some Obsolete API\u0027s in 3scale_v2.js\nTHREESCALE-7884 - Service top application endpoint is not working properly\nTHREESCALE-7912 - ServiceMonitor created by monitoring showing HTTP 400 error\nTHREESCALE-7913 - ServiceMonitor for 3scale operator has wide selector\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-dotnet31-curl security update\nAdvisory ID: RHSA-2022:1354-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1354\nIssue date: 2022-04-13\nCVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946\n CVE-2021-22947\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-curl is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks\n2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols\n2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22924\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. ==========================================================================\nUbuntu Security Notice USN-5079-3\nSeptember 21, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5079-1 introduced a regression in curl. One of the fixes introduced a\nregression on Ubuntu 18.04 LTS. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that curl incorrect handled memory when sending data to\n an MQTT server. A remote attacker could use this issue to cause curl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2021-22945)\n Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946)\n Patrick Monnerat discovered that curl incorrectly handled responses\n received before STARTTLS. A remote attacker could possibly use this issue\n to inject responses and intercept communications. (CVE-2021-22947)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.16\n libcurl3-gnutls 7.58.0-2ubuntu3.16\n libcurl3-nss 7.58.0-2ubuntu3.16\n libcurl4 7.58.0-2ubuntu3.16\n\nIn general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n2016256 - Release of OpenShift Serverless Eventing 1.19.0\n2016258 - Release of OpenShift Serverless Serving 1.19.0\n\n5. Description:\n\nService Telemetry Framework (STF) provides automated collection of\nmeasurements and data from remote clients, such as Red Hat OpenStack\nPlatform or third-party nodes. STF then transmits the information to a\ncentralized, receiving Red Hat OpenShift Container Platform (OCP)\ndeployment for storage, retrieval, and monitoring. \nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22946"
},
{
"db": "VULHUB",
"id": "VHN-381420"
},
{
"db": "PACKETSTORM",
"id": "165337"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "164230"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "164740"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "169318"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22946",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "HACKERONE",
"id": "1334111",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165053",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165337",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164740",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164993",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165099",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164948",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166112",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381420",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164230",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164220",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168011",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381420"
},
{
"db": "PACKETSTORM",
"id": "165337"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "164230"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "164740"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "NVD",
"id": "CVE-2021-22946"
}
]
},
"id": "VAR-202109-1790",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381420"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T21:52:02.171000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-325",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381420"
},
{
"db": "NVD",
"id": "CVE-2021-22946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.1,
"url": "https://hackerone.com/reports/1334111"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5079-1"
},
{
"trust": 0.2,
"url": "https://launchpad.net/bugs/1944120"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5191"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5079-4"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5079-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.16"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4059"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381420"
},
{
"db": "PACKETSTORM",
"id": "165337"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "164230"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "164740"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "NVD",
"id": "CVE-2021-22946"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381420"
},
{
"db": "PACKETSTORM",
"id": "165337"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "164230"
},
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "164740"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "NVD",
"id": "CVE-2021-22946"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-381420"
},
{
"date": "2021-12-17T14:04:30",
"db": "PACKETSTORM",
"id": "165337"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-04-13T22:20:44",
"db": "PACKETSTORM",
"id": "166714"
},
{
"date": "2021-09-21T15:49:35",
"db": "PACKETSTORM",
"id": "164230"
},
{
"date": "2021-09-21T15:39:10",
"db": "PACKETSTORM",
"id": "164220"
},
{
"date": "2021-11-02T15:33:24",
"db": "PACKETSTORM",
"id": "164740"
},
{
"date": "2021-11-23T17:10:05",
"db": "PACKETSTORM",
"id": "165053"
},
{
"date": "2022-08-09T14:36:05",
"db": "PACKETSTORM",
"id": "168011"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2021-09-29T20:15:08.187000",
"db": "NVD",
"id": "CVE-2021-22946"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-381420"
},
{
"date": "2024-03-27T15:12:52.090000",
"db": "NVD",
"id": "CVE-2021-22946"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164220"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "PACKETSTORM",
"id": "169318"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-5191-02",
"sources": [
{
"db": "PACKETSTORM",
"id": "165337"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
}
],
"trust": 0.1
}
}
var-201506-0498
Vulnerability from variot
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157667
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157667 Version: 1
HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-06-01 Last Updated: 2016-06-01
Potential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial of Service (DoS), Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include:
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF).
References:
CVE-2016-0800 CVE-2016-0799 CVE-2016-2842 CVE-2015-1789 CVE-2015-1791 CVE-2015-3194 CVE-2015-0705 CVE-2015-5600 CVE-2014-3566 CVE-2008-5161 SSRT102281
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following firmware versions of Virtual Connect (VC) are impacted:
HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21
Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842.
The following products run the impacted versions of Virtual Connect (VC) firmware:
HPE VC Flex-10 10Gb Enet Module HPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem HPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem HPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2016-0800 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2015-0705 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has provided an updated version of the BladeSystem c-Class Virtual Connect (VC) firmware to address these vulnerabilities.
HPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50
The update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public /detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d
HISTORY Version:1 (rev.1) - 1 June 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o
Description
Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.
Resolution
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"
References
[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib Module: openssl Announced: 2015-06-12 Affects: All supported versions of FreeBSD. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam [CVE-2015-4000].
When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. [CVE-2015-1788]
X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. [CVE-2015-1789]
The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. [CVE-2015-1790]
When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. [CVE-2015-1792]
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur, potentially leading to a double free of the ticket data. [CVE-2015-1791]
The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.
III. Impact
A man-in-the-middle attacker may be able to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. [CVE-2015-4000]. On FreeBSD 10.1, the patch contains a countermeasure for clients by rejecting handshakes with DH parameters shorter than 768 bits.
An attacker who is able to use a certificate to authenticate with a remote system perform denial of service against any system which processes public keys, certificate requests or certificates. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012.
An attacker can use the CVE-2015-1789 issue by using specifically crafted certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs.
An attacker who can create specifically crafted malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. [CVE-2015-1790]. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
An attacker can perform denial of service against any system which verifies signedData messages using the CMS code. [CVE-2015-1792]
An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
[FreeBSD 9.3 and 8.4]
fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch
fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc
gpg --verify openssl-8.4.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8 BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9 sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe vVCM4Nyx4S9WDFOi76ug =dyhg -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) o CMS verify infinite loop with unknown hash function (CVE-2015-1792) o Race condition handling NewSessionTicket (CVE-2015-1791) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791 ( Security fix ) patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz
Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz
Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz
Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Summary:
Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)
A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)
A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. (CVE-2015-4000)
Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.
Red Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Böck as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790.
All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time 1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: openssl-0.9.8e-36.el5_11.src.rpm
i386: openssl-0.9.8e-36.el5_11.i386.rpm openssl-0.9.8e-36.el5_11.i686.rpm openssl-debuginfo-0.9.8e-36.el5_11.i386.rpm openssl-debuginfo-0.9.8e-36.el5_11.i686.rpm openssl-perl-0.9.8e-36.el5_11.i386.rpm
x86_64: openssl-0.9.8e-36.el5_11.i686.rpm openssl-0.9.8e-36.el5_11.x86_64.rpm openssl-debuginfo-0.9.8e-36.el5_11.i686.rpm openssl-debuginfo-0.9.8e-36.el5_11.x86_64.rpm openssl-perl-0.9.8e-36.el5_11.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: openssl-0.9.8e-36.el5_11.src.rpm
i386: openssl-debuginfo-0.9.8e-36.el5_11.i386.rpm openssl-devel-0.9.8e-36.el5_11.i386.rpm
x86_64: openssl-debuginfo-0.9.8e-36.el5_11.i386.rpm openssl-debuginfo-0.9.8e-36.el5_11.x86_64.rpm openssl-devel-0.9.8e-36.el5_11.i386.rpm openssl-devel-0.9.8e-36.el5_11.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: openssl-0.9.8e-36.el5_11.src.rpm
i386: openssl-0.9.8e-36.el5_11.i386.rpm openssl-0.9.8e-36.el5_11.i686.rpm openssl-debuginfo-0.9.8e-36.el5_11.i386.rpm openssl-debuginfo-0.9.8e-36.el5_11.i686.rpm openssl-devel-0.9.8e-36.el5_11.i386.rpm openssl-perl-0.9.8e-36.el5_11.i386.rpm
ia64: openssl-0.9.8e-36.el5_11.i686.rpm openssl-0.9.8e-36.el5_11.ia64.rpm openssl-debuginfo-0.9.8e-36.el5_11.i686.rpm openssl-debuginfo-0.9.8e-36.el5_11.ia64.rpm openssl-devel-0.9.8e-36.el5_11.ia64.rpm openssl-perl-0.9.8e-36.el5_11.ia64.rpm
ppc: openssl-0.9.8e-36.el5_11.ppc.rpm openssl-0.9.8e-36.el5_11.ppc64.rpm openssl-debuginfo-0.9.8e-36.el5_11.ppc.rpm openssl-debuginfo-0.9.8e-36.el5_11.ppc64.rpm openssl-devel-0.9.8e-36.el5_11.ppc.rpm openssl-devel-0.9.8e-36.el5_11.ppc64.rpm openssl-perl-0.9.8e-36.el5_11.ppc.rpm
s390x: openssl-0.9.8e-36.el5_11.s390.rpm openssl-0.9.8e-36.el5_11.s390x.rpm openssl-debuginfo-0.9.8e-36.el5_11.s390.rpm openssl-debuginfo-0.9.8e-36.el5_11.s390x.rpm openssl-devel-0.9.8e-36.el5_11.s390.rpm openssl-devel-0.9.8e-36.el5_11.s390x.rpm openssl-perl-0.9.8e-36.el5_11.s390x.rpm
x86_64: openssl-0.9.8e-36.el5_11.i686.rpm openssl-0.9.8e-36.el5_11.x86_64.rpm openssl-debuginfo-0.9.8e-36.el5_11.i386.rpm openssl-debuginfo-0.9.8e-36.el5_11.i686.rpm openssl-debuginfo-0.9.8e-36.el5_11.x86_64.rpm openssl-devel-0.9.8e-36.el5_11.i386.rpm openssl-devel-0.9.8e-36.el5_11.x86_64.rpm openssl-perl-0.9.8e-36.el5_11.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-1789 https://access.redhat.com/security/cve/CVE-2015-1790 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150611.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0498",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1m"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0q"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "sparc-opl service processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1121"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0p"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zf"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0r"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "junos 12.1x44-d20",
"scope": null,
"trust": 0.9,
"vendor": "juniper",
"version": null
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "hs series all versions"
},
{
"model": "hpe systems insight manager",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.5"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "6.1"
},
{
"model": "peoplesoft products",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of peoplesoft enterprise peopletools 8.54"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.0"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver6.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard-j edition v7.1 to v8.1"
},
{
"model": "hpe matrix operating environment",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0s"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "7.0"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v4.2 to v6.5"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "mcoperations ver3.6.2 to ver4.2"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "ix3000 series",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "ip38x/5000",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "capssuite",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.0 to v4.0 manager component"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.01"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "5.6.25 and earlier"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v9.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.1"
},
{
"model": "univerge",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "3c ucm"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "hpe insight control",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "none"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series sg3600lm/lg/lj v6.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "systemmanager ver5.5.2 to ver6.2.1"
},
{
"model": "ip38x/3500",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard v8.2 to v9.2"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "nv7500/nv5500/nv3500 series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "nv7400/nv5400/nv3400 series"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v4.0"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v7.1 to v8.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle exalogic infrastructure eecs 2.0.6.2.3"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "uddi registry v1.1 to v7.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator probe option ver3.1.0.x to ver4.1.0.x"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.0"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.02"
},
{
"model": "univerge",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "3c cmm"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.2 to v9.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.2 to v6.5"
},
{
"model": "hpe server migration pack",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v7.1"
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v7.1"
},
{
"model": "peoplesoft products",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of peoplesoft enterprise peopletools 8.53"
},
{
"model": "hpe version control repository manager",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series intersecvm/sg v1.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.0"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "jobcenter r14.1"
},
{
"model": "ip38x/810",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard-j edition v4.1 to v6.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"model": "hpe insight control",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "server provisioning"
},
{
"model": "xcp",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1121"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle transportation management 6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "webotx sip application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v7.1 to v8.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator agent ver3.3 to ver4.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "ix2000 series",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "supply chain products suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle transportation management 6.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.1 to v6.5"
},
{
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.4 to v9.2"
},
{
"model": "ip38x/1210",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator manager ver3.2.2 to ver4.1"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v9.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1n"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "8.0"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver3.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series univerge sg3000lg/lj"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "junos 12.1x46-d25",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7.1.2.6"
},
{
"model": "sparc-opl service processor",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1121"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.6"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.18"
},
{
"model": "junos 12.1x44-d33",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.0.0"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.6"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "worklight foundation enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.20"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.12"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.17"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.7"
},
{
"model": "imc products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.1.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "junos 12.1x44-d50",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.15"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sdk for node.js for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0.10.38"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "project openssl 1.0.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1n",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.211"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "qradar siem mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "junos 15.1r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.3"
},
{
"model": "security network controller 1.0.3350m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sterling connect:enterprise for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.4.0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.12"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.1.0"
},
{
"model": "abyp-2t-1s-1l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "system networking rackswitch g8052",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.4.0"
},
{
"model": "fortimail",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.10"
},
{
"model": "abyp-10g-2sr-2lr-1-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4.2"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "tealeaf customer experience",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "security access manager for web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.08"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "system networking rackswitch g8052",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.17"
},
{
"model": "exalogic infrastructure eecs",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.6.2.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.5"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1.1"
},
{
"model": "infosphere master data management provider hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "abyp-10g-4lr-1-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4.0.5"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.5.0.2"
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "qradar siem patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.34"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.1"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "fortiweb",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.3.3"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "system networking rackswitch g8124-e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.4.0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "messagesight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "comware products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "70"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "flashsystem 9840-ae2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3387"
},
{
"model": "abyp-10g-4sr-1-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "enterprise session border controller ecz7.3m2p2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "ds8870 r7.5",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "sdk for node.js for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0.12.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4.0.5"
},
{
"model": "infosphere master data management standard/advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.213"
},
{
"model": "qradar siem mr2 patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.18"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.2"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.0.4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"model": "fortivoice enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "3.0.6"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.4.7"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.28"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.19"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "junos 12.1x44-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "junos 12.1x46-d55",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "system networking rackswitch g8124",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.5.0"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.01"
},
{
"model": "fortisandbox",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.0"
},
{
"model": "icewall sso dfw",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.0.6"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "junos 13.2x51-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "infosphere master data management standard/advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.3"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.12"
},
{
"model": "project openssl 1.0.0s",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.02"
},
{
"model": "junos 12.1x47-d45",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1121"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "screenos 6.3.0r13",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "initiate master data service provider hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "fortiddos",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.1.5"
},
{
"model": "linux enterprise server sp4 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.5"
},
{
"model": "secure backup",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.3"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.13"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "version control repository manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "project openssl 0.9.8zf",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "abyp-0t-0s-4l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "qradar incident forensics mr3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.14"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "system networking rackswitch g8316",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "unified security management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "5.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "aura application server sip core pb5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "websphere mq for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.5.0.2"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.0.3"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.18"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.1.3"
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x47"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "infosphere guardium for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0"
},
{
"model": "server migration pack",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "rational application developer for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.1"
},
{
"model": "worklight foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.2"
},
{
"model": "tealeaf customer experience",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1121"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35001.1"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.6"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.7"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.0.1.0"
},
{
"model": "system networking rackswitch g8124",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.4.0"
},
{
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "qradar siem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.3"
},
{
"model": "fsso build",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "235"
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.2"
},
{
"model": "security network controller 1.0.3376m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "operations agent",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "12.01"
},
{
"model": "matrix operating environment",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "junos 13.2x51-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.14"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4.0.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "junos 12.1x46-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "junos 12.1x44-d32",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.1l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "junos 12.3r10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "smartcloud entry fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.214"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.2"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.211"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "insight orchestration",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "junos 14.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "version control agent",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.12"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4.0.6"
},
{
"model": "open source siem",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "5.0.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "worklight foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.20"
},
{
"model": "junos 13.3r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "abyp-4tl-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "cms r16.3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1209"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "netinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.5.0.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3361"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "workflow for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "junos 12.1x44-d34",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "junos 14.1r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.8"
},
{
"model": "linux enterprise server sp2 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.33"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "enterprise content management system monitor fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.02"
},
{
"model": "sterling connect:enterprise for unix ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.4.03"
},
{
"model": "i v5r4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "abyp-2t-1s-1l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "icewall sso agent option",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.1"
},
{
"model": "junos 14.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "system networking rackswitch g8264t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.14.0"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "junos 14.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.213"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "i v5r3",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 1.0.2b",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system networking rackswitch g8052",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.5.0"
},
{
"model": "one-x client enablement services sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "screenos 6.3.0r19",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.8.0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.1"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.14"
},
{
"model": "abyp-2t-2s-0l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "abyp-0t-4s-0l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.15"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.213"
},
{
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "rational application developer for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "hp-ux b.11.11.16.09",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.07"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.38"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.12"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "system networking rackswitch g8124-e",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.5.0"
},
{
"model": "qradar siem patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.41"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "aura utility services sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.12"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.3"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "fortirecorder",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.0.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.6.1"
},
{
"model": "abyp-2t-0s-2l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.16"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.14"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system networking rackswitch g8264t",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "tealeaf customer experience",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "system networking rackswitch g8264",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.4.0"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4.0.6"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.4.3"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "junos 12.1x46-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.15"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.4"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.0"
},
{
"model": "system networking rackswitch g8264",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "junos 12.1x47-d11",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.35"
},
{
"model": "websphere mq",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.4"
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos 12.3r7",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "unified security management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.14"
},
{
"model": "project openssl 0.9.8zg",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 13.2x51-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1121"
},
{
"model": "abyp-0t-4s-0l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "qradar siem mr3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.8"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0.0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.7"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.1.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.210"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.13"
},
{
"model": "project openssl 1.0.1m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.16"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.1"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "5.0.3"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.10"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.1"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.2"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "abyp-10g-2sr-2lr-1-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.0.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.13"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "project openssl 1.0.0r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "aura conferencing sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3376"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.0.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.11"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.23"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "workload deployer if9",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.7"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.010"
},
{
"model": "aura system manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "junos 12.3r9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.212"
},
{
"model": "cognos insight standard edition fp if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.124"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.6.0"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "junos 12.1x44-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "hp-ux b.11.11.14.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.11"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.1"
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "system networking rackswitch g8332",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.20.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "fortiadc",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.12"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.5.0.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.12"
},
{
"model": "endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "bladesystem c-class virtual connect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.21"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "unified security management",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "5.0.4"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.15"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "junos 12.1x46-d36",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "hp-ux b.11.11.15.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"model": "qradar incident forensics patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.41"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.5.0.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "junos 12.1x47-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.5.0.3"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.4"
},
{
"model": "project openssl 1.0.0q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 0.9.8u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.14"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security access manager for web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.12"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "one-x client enablement services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "5.0.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.15"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.24"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "storwize unified",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "insight control server provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "hp-ux b.11.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 12.1x44-d51",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "enterprise linux server eus 6.6.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.8"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "qradar incident forensics mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "sterling connect:enterprise for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.6"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.2"
},
{
"model": "initiate master data service patient hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "junos 12.3x48-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "infosphere master data management patient hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "junos d30",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.7"
},
{
"model": "sdk for node.js",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.3"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.16"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.03"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2.1"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "qradar siem mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.9"
},
{
"model": "bladesystem c-class virtual connect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.30"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.3"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "junos 12.3r6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "aura conferencing sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "system networking rackswitch g8264cs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.11.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "security network controller 1.0.3387m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.4"
},
{
"model": "junos d40",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "junos 15.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller 1.0.3379m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "comware products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "50"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "abyp-4ts-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "sterling connect:enterprise for unix ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.38"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.14"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "screenos 6.3.0r22",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4.0.5"
},
{
"model": "endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "netinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.14"
},
{
"model": "cognos insight standard edition fp if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.214"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "project openssl 1.0.2a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.16"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "junos 14.1r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.16"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "abyp-0t-2s-2l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.10"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.17"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "project openssl 0.9.8ze",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.5"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.7"
},
{
"model": "hp-ux b.11.23.1.007",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "unified security management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0"
},
{
"model": "forticlient windows/mac",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.3"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.31"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.7"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "sterling connect:enterprise for unix ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.4.04"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4.0.6"
},
{
"model": "security network controller 1.0.3352m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security identity governance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "system networking rackswitch g8264",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.5.0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.12"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.13"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.0.0"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "hp-ux b.11.11.02.008",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.13"
},
{
"model": "insight control server provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "abyp-10g-4sr-1-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.1"
},
{
"model": "initiate master data service provider hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "junos 14.2r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.4"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "powerkvm build",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.157"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "junos 12.1x47-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.8"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.17"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "vcx products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "qradar incident forensics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "aura application server sip core pb3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.10"
},
{
"model": "security network controller 1.0.3381m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "flashsystem 9843-ae2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.9"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "system networking rackswitch g8264cs",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "hp-ux b.11.11.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.01"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.03"
},
{
"model": "forticlient ios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.5.0.3"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.41"
},
{
"model": "forticlient android",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.6"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "sonas",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2.2"
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.41"
},
{
"model": "hp-ux b.11.23.07.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system networking rackswitch g8052",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.14.0"
},
{
"model": "initiate master data service patient hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "aura conferencing sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.14"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.13"
},
{
"model": "abyp-4tl-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.11"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "project openssl 1.0.0p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.12"
},
{
"model": "junos 12.1x46-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.09"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.25"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "junos 15.1x49-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "insight control",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1.0.9"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.010"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "abyp-4t-0s-0l-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.41"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.12"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.10"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.5"
},
{
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.13"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "bladesystem c-class virtual connect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.62"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "infosphere master data management standard/advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.4"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "junos 12.3x48-d30",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.12"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3379"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"model": "junos 13.2x51-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.16"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.8"
},
{
"model": "aura conferencing sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.05"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.5.0.2"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.2"
},
{
"model": "junos 15.1x49-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "fortiauthenticator",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "3.1"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "aura messaging sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.7"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 12.1x44-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "security network controller 1.0.3361m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 12.1x47-d25",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.13"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "ascenlink",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "7.2.3"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.16"
},
{
"model": "junos 12.1x44-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sterling integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.9"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4.0.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "junos 13.3r6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.4"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 12.1x47-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "5.0"
},
{
"model": "flashsystem 9843-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.27"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "communications security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "junos 12.3x48-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"model": "qradar siem patch ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.44"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.16"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.5"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.210"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.9"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.913"
},
{
"model": "system networking rackswitch g8316",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.14.0"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.00"
},
{
"model": "filenet system monitor interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "junos 12.3r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.0"
},
{
"model": "screenos 6.3.0r21",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.4.6"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.9"
},
{
"model": "aura communication manager ssp04",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.2.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.0"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "tealeaf customer experience",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "general parallel file system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.0"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise content management system monitor interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 13.3r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "sterling connect:enterprise for unix ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.5"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.18"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.06"
},
{
"model": "junos 12.1x44-d55",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.6"
},
{
"model": "junos d20",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.07"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "bladesystem c-class virtual connect",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "4.50"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.8"
},
{
"model": "abyp-10g-4lr-1-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.6"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.13"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1121"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational application developer for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "qradar siem mr2 patch ifi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.110"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1768"
},
{
"model": "abyp-0t-0s-4l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "unified security management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "5.0.3"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "abyp-4t-0s-0l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "hp-ux b.11.11.13.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.9"
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1.7"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "abyp-0t-2s-2l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.34"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "screenos 6.3.0r12",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.211"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.14"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.13"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.2.0"
},
{
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.12"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "junos 13.2x51-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "bladesystem c-class virtual connect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.45"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.17"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.18"
},
{
"model": "junos 14.2r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "junos d10",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.0"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.11"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.21"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.0"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "system networking rackswitch g8332",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.21.0"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.5"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.010"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "junos 12.3r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "sdk for node.js",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.15"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1121"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.26"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.6"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.3"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "junos d35",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "unified security management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.2"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "qradar siem mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.37"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "junos 12.1x44-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.2"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.211"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "junos 12.1x46-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.9"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.3"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.19"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "version control repository manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.1"
},
{
"model": "junos 12.3x48-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"model": "abyp-2t-2s-0l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3381"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "operations agent",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "11.15"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "abyp-4ts-p",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.02"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "junos 12.3r11",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"model": "linux enterprise server sp1 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "screenos 6.3.0r20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "junos 13.3r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "cognos insight standard edition fp",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.24"
},
{
"model": "forticache",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "3.0"
},
{
"model": "messagesight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "aura application server sip core sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "project openssl 0.9.8zd",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "junos 14.1r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.11"
},
{
"model": "project openssl 1.0.1k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "server migration pack",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.33"
},
{
"model": "sterling connect:enterprise for unix ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.37"
},
{
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "qradar siem patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.43"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "worklight foundation enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "predictiveinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "junos 12.1x44-d35.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "secure backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.3.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.9"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "open source siem",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.12"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "junos 14.2r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.10"
},
{
"model": "icewall mcrp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"model": "abyp-2t-0s-2l-p-m",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "system networking rackswitch g8264",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.14.0"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.32"
},
{
"model": "junos 13.2x51-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "qradar siem mr2 patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.19"
}
],
"sources": [
{
"db": "BID",
"id": "75156"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-245"
},
{
"db": "NVD",
"id": "CVE-2015-1789"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:e-business_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:peoplesoft_products",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:supply_chain_products_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:xcp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:insight_control",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:matrix_operating_environment",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:server_migration_pack",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:systems_insight_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:version_control_repository_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:system_management_homepage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:capssuite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:enterprise_directoryserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:express5800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1210",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_3500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_5000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_810",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_fw120",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:istorage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ix2000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ix3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:secureware_pki_application_development_kit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:univerge",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_sip_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Swiecki(Google) and Hanno B\u0026amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;ouml;ck.",
"sources": [
{
"db": "BID",
"id": "75156"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-1789",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-1789",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1789",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-1789",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-1789",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1789"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-245"
},
{
"db": "NVD",
"id": "CVE-2015-1789"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nThe following are vulnerable:\nOpenSSL 1.0.2 prior to 1.0.2b\nOpenSSL 1.0.1 prior to 1.0.1n\nOpenSSL 1.0.0 prior to 1.0.0s\nOpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05157667\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05157667\nVersion: 1\n\nHPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware,\nRemote Denial of Service (DoS), Disclosure of Information, Cross-Site Request\nForgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-06-01\nLast Updated: 2016-06-01\n\nPotential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial\nof Service (DoS), Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified in HPE\nBladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities\ninclude:\n\nThe SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \nThe Cross-protocol Attack on TLS using SSLv2 also known as \"DROWN\", which\ncould be exploited remotely resulting in disclosure of information. \nAdditional OpenSSL and OpenSSH vulnerabilities which could be remotely\nexploited resulting in Denial of Service (DoS), disclosure of information, or\nCross-site Request Forgery (CSRF). \n\nReferences:\n\nCVE-2016-0800\nCVE-2016-0799\nCVE-2016-2842\nCVE-2015-1789\nCVE-2015-1791\nCVE-2015-3194\nCVE-2015-0705\nCVE-2015-5600\nCVE-2014-3566\nCVE-2008-5161\nSSRT102281\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. \n\nThe following products run the impacted versions of Virtual Connect (VC)\nfirmware:\n\nHPE VC Flex-10 10Gb Enet Module\nHPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem\nHPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem\nHPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2016-0800 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\nCVE-2015-0705 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has provided an updated version of the BladeSystem c-Class Virtual\nConnect (VC) firmware to address these vulnerabilities. \n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50\n\nThe update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public\n/detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d\n\nHISTORY\nVersion:1 (rev.1) - 1 June 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.1o \u003e= 0.9.8z_p7\n \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:10.openssl Security Advisory\n The FreeBSD Project\n\nTopic: Multiple OpenSSL vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-06-12\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nA vulnerability in the TLS protocol would allow a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. \nThis vulnerability is also known as Logjam [CVE-2015-4000]. \n\nWhen processing an ECParameters structure OpenSSL enters an infinite\nloop if the curve specified is over a specially malformed binary\npolynomial field. [CVE-2015-1788]\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in\nthe time string. [CVE-2015-1789]\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. [CVE-2015-1790]\n\nWhen verifying a signedData message the CMS code can enter an infinite\nloop if presented with an unknown hash function OID. [CVE-2015-1792]\n\nIf a NewSessionTicket is received by a multi-threaded client when\nattempting to reuse a previous ticket then a race condition can occur,\npotentially leading to a double free of the ticket data. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. Impact\n\nA man-in-the-middle attacker may be able to downgrade vulnerable TLS\nconnections using ephemeral Diffie-Hellman key exchange to 512-bit\nexport-grade cryptography. [CVE-2015-4000]. On FreeBSD 10.1, the\npatch contains a countermeasure for clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. \n\nAn attacker who is able to use a certificate to authenticate with\na remote system perform denial of service against any system which\nprocesses public keys, certificate requests or certificates. \n[CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. \n\nAn attacker can use the CVE-2015-1789 issue by using specifically\ncrafted certificates and CRLs of various sizes and potentially\ncause a segmentation fault, resulting in a DoS on applications that\nverify certificates or CRLs. \n\nAn attacker who can create specifically crafted malformed ASN.1-encoded\nPKCS#7 blobs with missing content and trigger a NULL pointer dereference\non parsing. [CVE-2015-1790]. Applications that decrypt PKCS#7 data\nor otherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nAn attacker can perform denial of service against any system which\nverifies signedData messages using the CMS code. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r284286\nreleng/8.4/ r284295\nstable/9/ r284286\nreleng/9.3/ r284295\nstable/10/ r284285\nreleng/10.1/ r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150611.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:10.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.4 (FreeBSD)\n\niQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8\nBQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf\npbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL\nJKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh\nvBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d\neRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV\nHXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9\nsLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R\nPrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I\nMMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ\nTyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe\nvVCM4Nyx4S9WDFOi76ug\n=dyhg\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. \n Fixes several bugs and security issues:\n o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n o Race condition handling NewSessionTicket (CVE-2015-1791)\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 5. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. \n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash. \n(CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman \n(DH) key exchange. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to \nreject DH key sizes below 768 bits, which prevents sessions to be \ndowngraded to export-grade keys. Future updates may raise this limit to \n1024 bits. \n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-1789\nand CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno B\u00f6ck as\nthe original reporters of CVE-2015-1789, and Michal Zalewski as the\noriginal reporter of CVE-2015-1790. \n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time\n1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl-0.9.8e-36.el5_11.src.rpm\n\ni386:\nopenssl-0.9.8e-36.el5_11.i386.rpm\nopenssl-0.9.8e-36.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.i686.rpm\nopenssl-perl-0.9.8e-36.el5_11.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-36.el5_11.i686.rpm\nopenssl-0.9.8e-36.el5_11.x86_64.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.x86_64.rpm\nopenssl-perl-0.9.8e-36.el5_11.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nopenssl-0.9.8e-36.el5_11.src.rpm\n\ni386:\nopenssl-debuginfo-0.9.8e-36.el5_11.i386.rpm\nopenssl-devel-0.9.8e-36.el5_11.i386.rpm\n\nx86_64:\nopenssl-debuginfo-0.9.8e-36.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.x86_64.rpm\nopenssl-devel-0.9.8e-36.el5_11.i386.rpm\nopenssl-devel-0.9.8e-36.el5_11.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nopenssl-0.9.8e-36.el5_11.src.rpm\n\ni386:\nopenssl-0.9.8e-36.el5_11.i386.rpm\nopenssl-0.9.8e-36.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.i686.rpm\nopenssl-devel-0.9.8e-36.el5_11.i386.rpm\nopenssl-perl-0.9.8e-36.el5_11.i386.rpm\n\nia64:\nopenssl-0.9.8e-36.el5_11.i686.rpm\nopenssl-0.9.8e-36.el5_11.ia64.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.ia64.rpm\nopenssl-devel-0.9.8e-36.el5_11.ia64.rpm\nopenssl-perl-0.9.8e-36.el5_11.ia64.rpm\n\nppc:\nopenssl-0.9.8e-36.el5_11.ppc.rpm\nopenssl-0.9.8e-36.el5_11.ppc64.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.ppc.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.ppc64.rpm\nopenssl-devel-0.9.8e-36.el5_11.ppc.rpm\nopenssl-devel-0.9.8e-36.el5_11.ppc64.rpm\nopenssl-perl-0.9.8e-36.el5_11.ppc.rpm\n\ns390x:\nopenssl-0.9.8e-36.el5_11.s390.rpm\nopenssl-0.9.8e-36.el5_11.s390x.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.s390.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.s390x.rpm\nopenssl-devel-0.9.8e-36.el5_11.s390.rpm\nopenssl-devel-0.9.8e-36.el5_11.s390x.rpm\nopenssl-perl-0.9.8e-36.el5_11.s390x.rpm\n\nx86_64:\nopenssl-0.9.8e-36.el5_11.i686.rpm\nopenssl-0.9.8e-36.el5_11.x86_64.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-36.el5_11.x86_64.rpm\nopenssl-devel-0.9.8e-36.el5_11.i386.rpm\nopenssl-devel-0.9.8e-36.el5_11.x86_64.rpm\nopenssl-perl-0.9.8e-36.el5_11.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-1789\nhttps://access.redhat.com/security/cve/CVE-2015-1790\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150611.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1789"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"db": "BID",
"id": "75156"
},
{
"db": "VULMON",
"id": "CVE-2015-1789"
},
{
"db": "PACKETSTORM",
"id": "137294"
},
{
"db": "PACKETSTORM",
"id": "132398"
},
{
"db": "PACKETSTORM",
"id": "132288"
},
{
"db": "PACKETSTORM",
"id": "132285"
},
{
"db": "PACKETSTORM",
"id": "136989"
},
{
"db": "PACKETSTORM",
"id": "132508"
},
{
"db": "PACKETSTORM",
"id": "137201"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1789",
"trust": 3.5
},
{
"db": "JUNIPER",
"id": "JSA10733",
"trust": 2.0
},
{
"db": "JUNIPER",
"id": "JSA10694",
"trust": 2.0
},
{
"db": "BID",
"id": "75156",
"trust": 2.0
},
{
"db": "BID",
"id": "91787",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10122",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1032564",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91445763",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003081",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201506-245",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-349-21",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-1789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132398",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132285",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136989",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137201",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1789"
},
{
"db": "BID",
"id": "75156"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"db": "PACKETSTORM",
"id": "137294"
},
{
"db": "PACKETSTORM",
"id": "132398"
},
{
"db": "PACKETSTORM",
"id": "132288"
},
{
"db": "PACKETSTORM",
"id": "132285"
},
{
"db": "PACKETSTORM",
"id": "136989"
},
{
"db": "PACKETSTORM",
"id": "132508"
},
{
"db": "PACKETSTORM",
"id": "137201"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-245"
},
{
"db": "NVD",
"id": "CVE-2015-1789"
}
]
},
"id": "VAR-201506-0498",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27443620166666666
},
"last_update_date": "2024-09-17T20:22:01.893000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205031"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT205031"
},
{
"title": "cisco-sa-20150612-openssl",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
"title": "Fix length checks in X509_cmp_time to avoid out-of-bounds reads.",
"trust": 0.8,
"url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
},
{
"title": "HPSBUX03388",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
},
{
"title": "HPSBMU03612",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380"
},
{
"title": "HPSBHF03613",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05184351"
},
{
"title": "HPSBMU03546",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05045763"
},
{
"title": "HPSBMU03611",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888"
},
{
"title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/JVNVU91445763/522154/index.html"
},
{
"title": "NV15-010",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
},
{
"title": "OpenSSL vulnerabilities",
"trust": 0.8,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"title": "Tarballs",
"trust": 0.8,
"url": "https://www.openssl.org/source/"
},
{
"title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
},
{
"title": "Oracle Solaris Third Party Bulletin - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"title": "April 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
},
{
"title": "October 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "January 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
},
{
"title": "JSA10694",
"trust": 0.8,
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
},
{
"title": "TLSA-2015-14",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2015/TLSA-2015-14j.html"
},
{
"title": "cisco-sa-20150612-openssl",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
},
{
"title": "openssl-1.0.1n",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=56612"
},
{
"title": "openssl-1.0.0s",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=56611"
},
{
"title": "openssl-0.9.8zg",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=56610"
},
{
"title": "openssl-1.0.2b",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=56613"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
},
{
"title": "Red Hat: CVE-2015-1789",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-1789"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2639-1"
},
{
"title": "Amazon Linux AMI: ALAS-2015-550",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-550"
},
{
"title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-07"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
},
{
"title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2015-1789 "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/khadas/android_external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/yaap/external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/crdroid-r/external_honggfuzz "
},
{
"title": "tab_pie_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/CredenceID/tab_pie_external_honggfuzz "
},
{
"title": "platform_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/DennissimOS/platform_external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/swordphoenix/external_honggfuzz "
},
{
"title": "platform_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/aosp-caf-upstream/platform_external_honggfuzz "
},
{
"title": "honggfuzz_READ",
"trust": 0.1,
"url": "https://github.com/imbaya2466/honggfuzz_READ "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/bananadroid/android_external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/ForkLineageOS/external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/TheXPerienceProject/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/random-aosp-stuff/android_external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/Wave-Project/external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/Project-1CE/external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/jingpad-bsp/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/crdroidandroid/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/StatiXOS/android_external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/CAF-Extended/external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/Ozone-OS/external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/Corvus-R/android_external_honggfuzz "
},
{
"title": "external-honggfuzz",
"trust": 0.1,
"url": "https://github.com/TinkerBoard2-Android/external-honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/TinkerEdgeR-Android/external_honggfuzz "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ep-infosec/50_google_honggfuzz "
},
{
"title": "lllnx",
"trust": 0.1,
"url": "https://github.com/lllnx/lllnx "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/TinkerBoard2-Android/external_honggfuzz "
},
{
"title": "external-honggfuzz",
"trust": 0.1,
"url": "https://github.com/TinkerBoard-Android/external-honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/HavocR/external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/ProtonAOSP-platina/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/ProtonAOSP/android_external_honggfuzz "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Tomoms/android_external_honggfuzz "
},
{
"title": "honggfuzz",
"trust": 0.1,
"url": "https://github.com/google/honggfuzz "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1789"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-245"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"db": "NVD",
"id": "CVE-2015-1789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"trust": 2.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 2.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
},
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
},
{
"trust": 2.0,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/75156"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
},
{
"trust": 1.7,
"url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"trust": 1.7,
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
},
{
"trust": 1.7,
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"trust": 1.7,
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"trust": 1.7,
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"trust": 1.7,
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.7,
"url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-2639-1"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032564"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91445763/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1789"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2015-1789"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:1115"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228603"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:1197"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962775"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/aug/13"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04739301"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/aug/135"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022724"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005376"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21961837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965415"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21966484"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966723"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101012435"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101013879"
},
{
"trust": 0.3,
"url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101012550"
},
{
"trust": 0.3,
"url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962726"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962686"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960633"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964441"
},
{
"trust": 0.3,
"url": "www-01.ibm.com/support/docview.wss?uid=swg21903425"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963270"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005373"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005434"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960045"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968046"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963603"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2015-1789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2639-1/"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/swd/public"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20150611.txt\u003e"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790"
},
{
"trust": 0.1,
"url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/sim"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-1790"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/info/insightmanagement"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1789"
},
{
"db": "BID",
"id": "75156"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"db": "PACKETSTORM",
"id": "137294"
},
{
"db": "PACKETSTORM",
"id": "132398"
},
{
"db": "PACKETSTORM",
"id": "132288"
},
{
"db": "PACKETSTORM",
"id": "132285"
},
{
"db": "PACKETSTORM",
"id": "136989"
},
{
"db": "PACKETSTORM",
"id": "132508"
},
{
"db": "PACKETSTORM",
"id": "137201"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-245"
},
{
"db": "NVD",
"id": "CVE-2015-1789"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-1789"
},
{
"db": "BID",
"id": "75156"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"db": "PACKETSTORM",
"id": "137294"
},
{
"db": "PACKETSTORM",
"id": "132398"
},
{
"db": "PACKETSTORM",
"id": "132288"
},
{
"db": "PACKETSTORM",
"id": "132285"
},
{
"db": "PACKETSTORM",
"id": "136989"
},
{
"db": "PACKETSTORM",
"id": "132508"
},
{
"db": "PACKETSTORM",
"id": "137201"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-245"
},
{
"db": "NVD",
"id": "CVE-2015-1789"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1789"
},
{
"date": "2015-06-11T00:00:00",
"db": "BID",
"id": "75156"
},
{
"date": "2015-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"date": "2016-06-02T16:22:00",
"db": "PACKETSTORM",
"id": "137294"
},
{
"date": "2015-06-22T14:14:00",
"db": "PACKETSTORM",
"id": "132398"
},
{
"date": "2015-06-12T13:25:28",
"db": "PACKETSTORM",
"id": "132288"
},
{
"date": "2015-06-12T13:17:58",
"db": "PACKETSTORM",
"id": "132285"
},
{
"date": "2016-05-13T16:14:13",
"db": "PACKETSTORM",
"id": "136989"
},
{
"date": "2015-07-01T02:01:05",
"db": "PACKETSTORM",
"id": "132508"
},
{
"date": "2016-05-26T09:22:00",
"db": "PACKETSTORM",
"id": "137201"
},
{
"date": "2015-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-245"
},
{
"date": "2015-06-12T19:59:02.507000",
"db": "NVD",
"id": "CVE-2015-1789"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1789"
},
{
"date": "2017-05-02T01:08:00",
"db": "BID",
"id": "75156"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003081"
},
{
"date": "2023-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-245"
},
{
"date": "2023-02-13T00:46:47.770000",
"db": "NVD",
"id": "CVE-2015-1789"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-245"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL of crypto/x509/x509_vfy.c of X509_cmp_time Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003081"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-245"
}
],
"trust": 0.6
}
}
var-201501-0434
Vulnerability from variot
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
Security Fix(es):
- It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2014-3570)
Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller
CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld
Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142
LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple
libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.
ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298
OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204
Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple
PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein
SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple
Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146
UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple
WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- . Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2015-0204)
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. (CVE-2014-3570)
It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them.
This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References. Solution:
The References section of this erratum contains a download link (you must log in to download the update).
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. OpenSSL Security Advisory [08 Jan 2015]
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:
) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0434",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerlinux 7r2",
"scope": "eq",
"trust": 1.2,
"vendor": "ibm",
"version": "0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zc"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7200"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7700"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7800"
},
{
"model": "power",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7100"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.1"
},
{
"model": "sparc enterprise m3000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.3"
},
{
"model": "ip38x/fw120",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rev.11.03.08 before"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "sparc enterprise m5000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "agent 8.0"
},
{
"model": "sparc enterprise m9000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.2"
},
{
"model": "xcp",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "2260"
},
{
"model": "sparc enterprise m4000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 5.0"
},
{
"model": "ip38x/sr100",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.63"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle mobile security suite mss 3.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.71"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "agent 8.0 2007 update release 2"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r3"
},
{
"model": "ip38x/3000",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0p"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r2"
},
{
"model": "ip38x/58i",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "hp icewall mcrp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "3.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "ip38x/1200",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.1"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "5.6.22 and earlier"
},
{
"model": "ip38x/3500",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.4"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.4"
},
{
"model": "ip38x/n500",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r1"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(arm) 4.2"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 10.0"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 4.3"
},
{
"model": "ip38x/1210",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "xcp",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1120"
},
{
"model": "hp thinpro linux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "(x86) 5.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1k"
},
{
"model": "hp icewall mcrp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "2.1"
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(fujitsu m10-1/m10-4/m10-4s server )"
},
{
"model": "sparc enterprise m8000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "ip38x/5000",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "all revisions"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.1"
},
{
"model": "device manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"model": "ip38x/810",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rev.11.01.21 before"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7400"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "5200"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "5700"
},
{
"model": "power",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7300"
},
{
"model": "powerlinux 7r1",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7600"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "power system s822",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "bladecenter advanced management module 25r5778",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1948"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "783.00"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205635"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.80"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "flex system p270 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7954-24x)0"
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "6"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems e870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.50"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355042540"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "netezza platform software 7.0.4.7-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "project openssl 0.9.8u",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.1"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2.2"
},
{
"model": "packetshaper s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "11.0"
},
{
"model": "cms",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "17.0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "flex system p260 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-23x)0"
},
{
"model": "netezza platform software 7.2.0.4-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "junos os 13.3r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "tivoli netcool/reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.5"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.70"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.21"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "netezza platform software 7.0.2.16-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.4"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355041980"
},
{
"model": "power systems 350.c0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "workflow for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5750"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "app for netapp data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "7"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "power system s814",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "cacheflow",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.2"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.21"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.6.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "10.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.40"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.b1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.12"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems 350.e0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "sparc enterprise m5000",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.21"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "alienvault",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15.1"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8720"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "power systems 350.e1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "netezza platform software 7.0.2.15-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.00"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.13"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079450"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8886"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "app for stream",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "power systems 350.a0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.5"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bcaaa",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.1"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.3"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "upward integration modules hardware management pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules integrated installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7967"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "content analysis system",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.00"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.02"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.22"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "norman shark scada protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "820.03"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8852"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8750"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.1"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205577"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "10g vfsm for bladecenter",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.6.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571451.43"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365042550"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571910"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.16"
},
{
"model": "proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.81"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.00"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 12.3r10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.45"
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.11"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "cacheflow",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.3"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571480"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.50"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "cms r17 r4",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "proxysg sgos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.5"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073800"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.60"
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1881"
},
{
"model": "netezza platform software 7.1.0.4-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "powerlinux 7r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "norman shark network protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "proxysg sgos",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.5.6.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere master data management patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "power systems 350.b0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system idataplex dx360 m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63910"
},
{
"model": "tivoli provisioning manager for images",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "sparc enterprise m4000",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "management center",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bcaaa",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.5"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "power ese",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571460"
},
{
"model": "sametime community server hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571431.43"
},
{
"model": "as infinity",
"scope": "ne",
"trust": 0.3,
"vendor": "pexip",
"version": "8.1"
},
{
"model": "cognos controller if1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "820.02"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.00"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.11"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.7"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1.7"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli workload scheduler for applications fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "linux enterprise server for vmware sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "bladecenter -s",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7779"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "sametime community server limited use",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "flex system p260 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-22x)0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571470"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "jabber voice for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "netezza platform software 7.0.4.8-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12.1"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "52056340"
},
{
"model": "ctpos 7.0r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "power system s824l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365041990"
},
{
"model": "system m4 hd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "flex system interconnect fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.80"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.30"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "infosphere master data management provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "560"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "10g vfsm for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "norman shark industrial control system protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "power 795",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "management center",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.3"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.51"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571430"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73210"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.21"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "1:10g switch for bladecenter",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.10.0"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power system s822l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571450"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5504667"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.10"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5205587"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1.1"
},
{
"model": "project openssl 0.9.8zd",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63800"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "ringmaster appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.60"
},
{
"model": "director",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.19"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "ctpview 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "cognos controller interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.41"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bladecenter js22",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7998-61x)0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vgw",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.20"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.32"
},
{
"model": "1:10g switch for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.15"
},
{
"model": "upward integration modules hardware management pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "openssh for gpfs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "src series",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079460"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "packetshaper s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "11.2"
},
{
"model": "upward integration modules integrated installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.8"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.213"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079440"
},
{
"model": "bladecenter js23",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7778-23x)0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mint",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "3"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571920"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079470"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "52056330"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571490"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "1:10g switch for bladecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.80"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "bladecenter js43 with feature code",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7778-23x8446)0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.51"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x330073820"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "2"
},
{
"model": "power system s824",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "ctp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7500"
},
{
"model": "packetshaper s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "11.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "sparc enterprise m3000",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "power systems e880",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "management center",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.0"
},
{
"model": "proxysg sgos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "ctpos 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "flex system p460 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-42x)0"
},
{
"model": "content analysis system",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.1"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "bladecenter t advanced management module 32r0835",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.10"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8734-"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.12"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.61"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.20"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.90"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.02"
},
{
"model": "bladecenter js12 express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7998-60x)0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "jboss enterprise application platform",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "bladecenter -t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8730"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "tivoli workload scheduler for applications fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.50"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7989"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.20"
},
{
"model": "cognos controller if3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.11"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "flex system p24l compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "bladecenter -ht",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8740"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "power system s812l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.10"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.4.0"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pulse secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "flex system manager node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8731-"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.11"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "4"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "783.01"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73230"
},
{
"model": "management center",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.1"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363073770"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.10"
},
{
"model": "flex system interconnect fabric",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"model": "cognos controller fp1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "project openssl 1.0.0h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "netezza platform software 7.1.0.5-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "cms r16",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.20"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.6"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "810.01"
},
{
"model": "power systems 350.d0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter -h",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1886"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.40"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "74.90"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "director",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.40"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "flex system p260 compute node /fc efd9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "app for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "power",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5950"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "junos os 12.3x48-d10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "bladecenter -e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8677"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.2"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054540"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "sparc enterprise m8000",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "ctpos 6.6r5",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "proxysg sgos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.2"
},
{
"model": "cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos os 13.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "780.01"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.52"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "power express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "550"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350078390"
},
{
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "management center",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.3.2.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "power express f/c",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5504965"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.60"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.70"
},
{
"model": "content analysis system",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2.3.1"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.31"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "flex system p460 compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "(7895-43x)0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "sparc enterprise m9000",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79190"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.00"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli provisioning manager for images system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x7.1.1.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
}
],
"sources": [
{
"db": "BID",
"id": "71939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"db": "NVD",
"id": "CVE-2014-3570"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_core_session_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:virtualization_secure_global_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m3000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m4000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m5000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m8000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m9000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:xcp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:icewall_mcrp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:icewall_sso",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:thinpro_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_107e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1210",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_1500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_3500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_5000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_58i",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_810",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_fw120",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_n500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:ip38x_sr100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:device_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:tuning_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
}
],
"trust": 0.4
},
"cve": "CVE-2014-3570",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3570",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3570",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3570",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2014-3570",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3570"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"db": "NVD",
"id": "CVE-2014-3570"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2014-3570)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and\nCVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. \nUpstream acknowledges Guido Vranken as the original reporter of\nCVE-2016-2105 and CVE-2016-2106. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A process may gain admin privileges without properly\nauthenticating\nDescription: An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Cookies belonging to one origin may be sent to another\norigin\nDescription: A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Authentication credentials may be sent to a server on\nanother origin\nDescription: A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A NULL pointer dereference existed in NVIDIA graphics\ndriver\u0027s handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local application may be able to cause a denial of service\nDescription: An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A malicious HID device may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A user may be able to execute arbitrary code with system\nprivileges\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system shutdown\nDescription: An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause a system denial of service\nDescription: A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription: setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription: ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto cause a denial of service\nDescription: A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to bypass network filters\nDescription: The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause the Finder to crash\nDescription: An input validation issue existed in LaunchServices\u0027s\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue existed in LaunchServices\u0027s\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription: A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may brute force ntpd authentication keys\nDescription: The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote unauthenticated client may be able to cause a\ndenial of service\nDescription: Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription: If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to arbitrary code execution. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A user\u0027s password may be logged to a local file\nDescription: In some circumstances, Screen Sharing may log a user\u0027s\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Tampered applications may not be prevented from launching\nDescription: Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nIt was found that a prior countermeasure in Apache WSS4J for\nBleichenbacher\u0027s attack on XML Encryption (CVE-2011-2487) threw an\nexception that permitted an attacker to determine the failure of the\nattempted attack, thereby leaving WSS4J vulnerable to the attack. \nThe original flaw allowed a remote attacker to recover the entire plain\ntext form of a symmetric key. A remote attacker could use this flaw to\nlog to a victim\u0027s account via PicketLink. (CVE-2015-0277)\n\nIt was discovered that a JkUnmount rule for a subtree of a previous JkMount\nrule could be ignored. This could allow a remote attacker to potentially\naccess a private artifact in a tree that would otherwise not be accessible\nto them. (CVE-2015-0204)\n\nIt was found that Apache WSS4J permitted bypass of the\nrequireSignedEncryptedDataElements configuration property via XML Signature\nwrapping attacks. A remote attacker could use this flaw to modify the\ncontents of a signed request. (CVE-2014-3570)\n\nIt was found that the Command Line Interface, as provided by Red Hat\nEnterprise Application Platform, created a history file named\n.jboss-cli-history in the user\u0027s home directory with insecure default file\npermissions. This could allow a malicious local user to gain information\notherwise not accessible to them. \n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. Documentation for these changes will be available\nshortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes,\nlinked to in the References. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. This could lead to a Denial Of Service attack. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3570"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"db": "BID",
"id": "71939"
},
{
"db": "VULMON",
"id": "CVE-2014-3570"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "131359"
},
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3570",
"trust": 3.2
},
{
"db": "JUNIPER",
"id": "JSA10679",
"trust": 1.4
},
{
"db": "BID",
"id": "71939",
"trust": 1.4
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU91828320",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98974537",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007551",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2014-3570",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138473",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131359",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131471",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133316",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129867",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130051",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3570"
},
{
"db": "BID",
"id": "71939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "131359"
},
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "NVD",
"id": "CVE-2014-3570"
}
]
},
"id": "VAR-201501-0434",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35468420666666667
},
"last_update_date": "2024-09-18T23:22:02.833000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204659"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204659"
},
{
"title": "cisco-sa-20150310-ssl",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
},
{
"title": "Fix for CVE-2014-3570 (with minor bn_asm.c revamp).",
"trust": 0.8,
"url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0"
},
{
"title": "HS15-031",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-031/index.html"
},
{
"title": "HPSBUX03244 SSRT101885",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04556853"
},
{
"title": "HPSBGN03299",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
},
{
"title": "HPSBHF03289",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"title": "NV15-017",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
},
{
"title": "Bignum squaring may produce incorrect results (CVE-2014-3570)",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
},
{
"title": "Oracle Third Party Bulletin - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"title": "RHSA-2015:0066",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2015-0066.html"
},
{
"title": "RHSA-2015:0849 ",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "October 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
},
{
"title": "cisco-sa-20150310-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
},
{
"title": "HS15-031",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-031/index.html"
},
{
"title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20150327b.html"
},
{
"title": "TLSA-2015-2",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2015/TLSA-2015-2j.html"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150066 - Security Advisory"
},
{
"title": "Red Hat: CVE-2014-3570",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3570"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2459-1"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-03"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
},
{
"title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3570"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"db": "NVD",
"id": "CVE-2014-3570"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.4,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
},
{
"trust": 1.1,
"url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/71939"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91828320/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98974537/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3570"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2014-3570"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.4,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/160"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101010784"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
},
{
"trust": 0.3,
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101008182"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699235"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
},
{
"trust": 0.3,
"url": "www-01.ibm.com/support/docview.wss?uid=swg21700028"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959002"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-0204"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2459-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0118"
},
{
"trust": 0.1,
"url": "https://www.frida.re"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
},
{
"trust": 0.1,
"url": "http://dtorres.me)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0226"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=appplatform\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/insightupdates"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/smh"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/releasestrat.html),"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/secpolicy.html"
},
{
"trust": 0.1,
"url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3570"
},
{
"db": "BID",
"id": "71939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "131359"
},
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "NVD",
"id": "CVE-2014-3570"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-3570"
},
{
"db": "BID",
"id": "71939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "131359"
},
{
"db": "PACKETSTORM",
"id": "131471"
},
{
"db": "PACKETSTORM",
"id": "133316"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "132763"
},
{
"db": "PACKETSTORM",
"id": "129867"
},
{
"db": "PACKETSTORM",
"id": "130051"
},
{
"db": "NVD",
"id": "CVE-2014-3570"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3570"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71939"
},
{
"date": "2015-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"date": "2016-08-22T23:25:00",
"db": "PACKETSTORM",
"id": "138473"
},
{
"date": "2015-04-09T16:30:50",
"db": "PACKETSTORM",
"id": "131359"
},
{
"date": "2015-04-17T06:44:37",
"db": "PACKETSTORM",
"id": "131471"
},
{
"date": "2015-08-26T01:33:07",
"db": "PACKETSTORM",
"id": "133316"
},
{
"date": "2015-03-24T17:05:09",
"db": "PACKETSTORM",
"id": "130987"
},
{
"date": "2015-01-09T17:43:35",
"db": "PACKETSTORM",
"id": "129870"
},
{
"date": "2015-08-26T01:35:08",
"db": "PACKETSTORM",
"id": "133325"
},
{
"date": "2015-07-21T13:37:51",
"db": "PACKETSTORM",
"id": "132763"
},
{
"date": "2015-01-09T02:01:10",
"db": "PACKETSTORM",
"id": "129867"
},
{
"date": "2015-01-22T01:35:41",
"db": "PACKETSTORM",
"id": "130051"
},
{
"date": "2015-01-09T02:59:00.053000",
"db": "NVD",
"id": "CVE-2014-3570"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3570"
},
{
"date": "2017-01-23T00:09:00",
"db": "BID",
"id": "71939"
},
{
"date": "2016-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007551"
},
{
"date": "2017-11-15T02:29:05.220000",
"db": "NVD",
"id": "CVE-2014-3570"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "71939"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL of BN_sqr Vulnerability that breaks cryptographic protection mechanisms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007551"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "71939"
}
],
"trust": 0.3
}
}
var-201902-0101
Vulnerability from variot
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller. libcurl Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability
Attackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed.
cURL/libcURL versions 7.36.0 through 7.63.0 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-03
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 10, 2019 Bugs: #665292, #670026, #677346 ID: 201903-03
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.64.0 >= 7.64.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.64.0"
References
[ 1 ] CVE-2018-14618 https://nvd.nist.gov/vuln/detail/CVE-2018-14618 [ 2 ] CVE-2018-16839 https://nvd.nist.gov/vuln/detail/CVE-2018-16839 [ 3 ] CVE-2018-16840 https://nvd.nist.gov/vuln/detail/CVE-2018-16840 [ 4 ] CVE-2018-16842 https://nvd.nist.gov/vuln/detail/CVE-2018-16842 [ 5 ] CVE-2019-3822 https://nvd.nist.gov/vuln/detail/CVE-2019-3822 [ 6 ] CVE-2019-3823 https://nvd.nist.gov/vuln/detail/CVE-2019-3823
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
CVE-2018-16890
Wenxiang Qian of Tencent Blade Team discovered that the function
handling incoming NTLM type-2 messages does not validate incoming
data correctly and is subject to an integer overflow vulnerability,
which could lead to an out-of-bounds buffer read.
CVE-2019-3822
Wenxiang Qian of Tencent Blade Team discovered that the function
creating an outgoing NTLM type-3 header is subject to an integer
overflow vulnerability, which could lead to an out-of-bounds write.
For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u9.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi RygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7 Hl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp k1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh RFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ cSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z dccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm zXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u rAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2 Hg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB u3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa zi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC -----END PGP SIGNATURE----- . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2019:3701-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3701 Issue date: 2019-11-05 CVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 CVE-2019-3823 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)
-
wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
-
curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
-
curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c 1669156 - connection re-use does not work for SCP and SFTP 1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read 1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow 1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-11.el8.src.rpm
aarch64: curl-7.61.1-11.el8.aarch64.rpm curl-debuginfo-7.61.1-11.el8.aarch64.rpm curl-debugsource-7.61.1-11.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-7.61.1-11.el8.aarch64.rpm libcurl-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-devel-7.61.1-11.el8.aarch64.rpm libcurl-minimal-7.61.1-11.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm
ppc64le: curl-7.61.1-11.el8.ppc64le.rpm curl-debuginfo-7.61.1-11.el8.ppc64le.rpm curl-debugsource-7.61.1-11.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-7.61.1-11.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-devel-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm
s390x: curl-7.61.1-11.el8.s390x.rpm curl-debuginfo-7.61.1-11.el8.s390x.rpm curl-debugsource-7.61.1-11.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-7.61.1-11.el8.s390x.rpm libcurl-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-devel-7.61.1-11.el8.s390x.rpm libcurl-minimal-7.61.1-11.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm
x86_64: curl-7.61.1-11.el8.x86_64.rpm curl-debuginfo-7.61.1-11.el8.i686.rpm curl-debuginfo-7.61.1-11.el8.x86_64.rpm curl-debugsource-7.61.1-11.el8.i686.rpm curl-debugsource-7.61.1-11.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-11.el8.i686.rpm curl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-7.61.1-11.el8.i686.rpm libcurl-7.61.1-11.el8.x86_64.rpm libcurl-debuginfo-7.61.1-11.el8.i686.rpm libcurl-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-devel-7.61.1-11.el8.i686.rpm libcurl-devel-7.61.1-11.el8.x86_64.rpm libcurl-minimal-7.61.1-11.el8.i686.rpm libcurl-minimal-7.61.1-11.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16890 https://access.redhat.com/security/cve/CVE-2018-20483 https://access.redhat.com/security/cve/CVE-2019-3822 https://access.redhat.com/security/cve/CVE-2019-3823 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm jIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j owx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A FfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56 tvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW jlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO I5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2 Rfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq OKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc szJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq l4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0 PK6rxvdCr2I= =8Z+p -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3882-1 February 06, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in curl. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)
Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)
Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: curl 7.61.0-1ubuntu2.3 libcurl3-gnutls 7.61.0-1ubuntu2.3 libcurl3-nss 7.61.0-1ubuntu2.3 libcurl4 7.61.0-1ubuntu2.3
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.6 libcurl3-gnutls 7.58.0-2ubuntu3.6 libcurl3-nss 7.58.0-2ubuntu3.6 libcurl4 7.58.0-2ubuntu3.6
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.12 libcurl3 7.47.0-1ubuntu2.12 libcurl3-gnutls 7.47.0-1ubuntu2.12 libcurl3-nss 7.47.0-1ubuntu2.12
Ubuntu 14.04 LTS: curl 7.35.0-1ubuntu2.20 libcurl3 7.35.0-1ubuntu2.20 libcurl3-gnutls 7.35.0-1ubuntu2.20 libcurl3-nss 7.35.0-1ubuntu2.20
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: NTLM type-2 out-of-bounds buffer read. NTLMv2 type-3 header stack buffer overflow. SMTP end-of-response out-of-bounds read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: e57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz
Slackware -current package: 9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz
Slackware x86_64 -current package: 869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.64.0-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "*"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.34.0"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.64.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "libcurl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "services tools bundle",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.13"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.19"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.18"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.17"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.4"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.45"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "sinema remote connect client hf1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "libcurl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64"
},
{
"model": "curl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64.0"
}
],
"sources": [
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:haxx:libcurl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netapp:clustered_data_ontap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian Carpenter, Geeknik Labs and Wenxiang Qian from Tencent Blade Team.,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3823",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3823",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3823",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3823",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3823",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-3823",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-125",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3823",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn\u0027t NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. libcurl Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to the following vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\nAttackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed. \ncURL/libcURL versions 7.36.0 through 7.63.0 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201903-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: March 10, 2019\n Bugs: #665292, #670026, #677346\n ID: 201903-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.64.0 \u003e= 7.64.0 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.64.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-14618\n https://nvd.nist.gov/vuln/detail/CVE-2018-14618\n[ 2 ] CVE-2018-16839\n https://nvd.nist.gov/vuln/detail/CVE-2018-16839\n[ 3 ] CVE-2018-16840\n https://nvd.nist.gov/vuln/detail/CVE-2018-16840\n[ 4 ] CVE-2018-16842\n https://nvd.nist.gov/vuln/detail/CVE-2018-16842\n[ 5 ] CVE-2019-3822\n https://nvd.nist.gov/vuln/detail/CVE-2019-3822\n[ 6 ] CVE-2019-3823\n https://nvd.nist.gov/vuln/detail/CVE-2019-3823\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nCVE-2018-16890\n\n Wenxiang Qian of Tencent Blade Team discovered that the function\n handling incoming NTLM type-2 messages does not validate incoming\n data correctly and is subject to an integer overflow vulnerability,\n which could lead to an out-of-bounds buffer read. \n\nCVE-2019-3822\n\n Wenxiang Qian of Tencent Blade Team discovered that the function\n creating an outgoing NTLM type-3 header is subject to an integer\n overflow vulnerability, which could lead to an out-of-bounds write. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi\nRygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7\nHl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp\nk1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh\nRFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ\ncSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z\ndccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm\nzXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u\nrAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2\nHg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB\nu3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa\nzi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security and bug fix update\nAdvisory ID: RHSA-2019:3701-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3701\nIssue date: 2019-11-05\nCVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 \n CVE-2019-3823 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c\n(CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c\n1669156 - connection re-use does not work for SCP and SFTP\n1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read\n1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow\n1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-11.el8.src.rpm\n\naarch64:\ncurl-7.61.1-11.el8.aarch64.rpm\ncurl-debuginfo-7.61.1-11.el8.aarch64.rpm\ncurl-debugsource-7.61.1-11.el8.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-7.61.1-11.el8.aarch64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-devel-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-11.el8.ppc64le.rpm\ncurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\ncurl-debugsource-7.61.1-11.el8.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-7.61.1-11.el8.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-devel-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-11.el8.s390x.rpm\ncurl-debuginfo-7.61.1-11.el8.s390x.rpm\ncurl-debugsource-7.61.1-11.el8.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-7.61.1-11.el8.s390x.rpm\nlibcurl-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-devel-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\n\nx86_64:\ncurl-7.61.1-11.el8.x86_64.rpm\ncurl-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-debuginfo-7.61.1-11.el8.x86_64.rpm\ncurl-debugsource-7.61.1-11.el8.i686.rpm\ncurl-debugsource-7.61.1-11.el8.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-7.61.1-11.el8.i686.rpm\nlibcurl-7.61.1-11.el8.x86_64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-devel-7.61.1-11.el8.i686.rpm\nlibcurl-devel-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16890\nhttps://access.redhat.com/security/cve/CVE-2018-20483\nhttps://access.redhat.com/security/cve/CVE-2019-3822\nhttps://access.redhat.com/security/cve/CVE-2019-3823\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm\njIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j\nowx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A\nFfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56\ntvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW\njlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO\nI5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2\nRfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq\nOKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc\nszJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq\nl4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0\nPK6rxvdCr2I=\n=8Z+p\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3882-1\nFebruary 06, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. A remote attacker could possibly use this issue to\ncause curl to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. A remote attacker could possibly use this issue to cause curl to\ncrash, resulting in a denial of service. (CVE-2019-3823)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.3\n libcurl3-gnutls 7.61.0-1ubuntu2.3\n libcurl3-nss 7.61.0-1ubuntu2.3\n libcurl4 7.61.0-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.6\n libcurl3-gnutls 7.58.0-2ubuntu3.6\n libcurl3-nss 7.58.0-2ubuntu3.6\n libcurl4 7.58.0-2ubuntu3.6\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.12\n libcurl3 7.47.0-1ubuntu2.12\n libcurl3-gnutls 7.47.0-1ubuntu2.12\n libcurl3-nss 7.47.0-1ubuntu2.12\n\nUbuntu 14.04 LTS:\n curl 7.35.0-1ubuntu2.20\n libcurl3 7.35.0-1ubuntu2.20\n libcurl3-gnutls 7.35.0-1ubuntu2.20\n libcurl3-nss 7.35.0-1ubuntu2.20\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. \n This release fixes the following security issues:\n NTLM type-2 out-of-bounds buffer read. \n NTLMv2 type-3 header stack buffer overflow. \n SMTP end-of-response out-of-bounds read. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz\n\nSlackware x86_64 -current package:\n869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.64.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3823",
"trust": 3.4
},
{
"db": "BID",
"id": "106950",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-936080",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-436177",
"trust": 0.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-04",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152034",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1084",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0846",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0381.3",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-068-10",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3823",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155162",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151569",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"id": "VAR-201902-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.71363634
},
"last_update_date": "2024-08-14T12:46:19.461000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4386",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"title": "NTAP-20190315-0001",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"title": "SMTP end-of-response out-of-bounds read",
"trust": 0.8,
"url": "https://curl.haxx.se/docs/CVE-2019-3823.html"
},
{
"title": "USN-3882-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"title": "Red Hat: Moderate: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193701 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-3823",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-3823"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3882-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-3823"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=17333d813b4221a6afc6ca8faac611f6"
},
{
"title": "Arch Linux Advisories: [ASA-201902-13] lib32-curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-13"
},
{
"title": "Arch Linux Advisories: [ASA-201902-9] curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-9"
},
{
"title": "Arch Linux Advisories: [ASA-201902-10] libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-10"
},
{
"title": "Arch Linux Advisories: [ASA-201902-12] lib32-libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-12"
},
{
"title": "Arch Linux Advisories: [ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201902-11"
},
{
"title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22decc09aeaa3dba577a38ac2ead2bac"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8a056bd2177d12192b11798b7ac3e013"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1162",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1162"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/KorayAgaya/TrivyWeb "
},
{
"title": "cve",
"trust": 0.1,
"url": "https://github.com/michwqy/cve "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Mohzeela/external-secret "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/Vulnerability-Scanner-for-Containers "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/106950"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3701"
},
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3823"
},
{
"trust": 2.0,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3823"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf"
},
{
"trust": 1.5,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"trust": 1.4,
"url": "https://curl.haxx.se/docs/cve-2019-3823.html"
},
{
"trust": 1.4,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 0.9,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.9,
"url": "https://curl.haxx.se/download.html"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/86724581b6c"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/39df4073"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/2766262a68"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-04"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/50c94842"
},
{
"trust": 0.9,
"url": "https://curl.haxx.se/docs/cve-2019-3822.html"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3822"
},
{
"trust": 0.9,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3823"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.debian.org/security/2019/dsa-4386third party advisory"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/3882-1/third party advisory"
},
{
"trust": 0.6,
"url": "https://curl.haxx.se/docs/cve-2019-3823.htmlpatchvendor advisory"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3823exploitissue trackingthird party advisory"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75218"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10881996"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-10"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152034/gentoo-linux-security-advisory-201903-03.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0846"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78194"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3822"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16842"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16840"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16839"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.20"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3882-1"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3822"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16890"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"date": "2019-02-06T00:00:00",
"db": "BID",
"id": "106950"
},
{
"date": "2019-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"date": "2019-03-11T18:48:31",
"db": "PACKETSTORM",
"id": "152034"
},
{
"date": "2019-02-07T16:32:00",
"db": "PACKETSTORM",
"id": "151568"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2019-11-06T15:57:33",
"db": "PACKETSTORM",
"id": "155162"
},
{
"date": "2019-02-06T22:35:20",
"db": "PACKETSTORM",
"id": "151566"
},
{
"date": "2019-02-07T16:32:06",
"db": "PACKETSTORM",
"id": "151569"
},
{
"date": "2019-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-125"
},
{
"date": "2019-02-06T20:29:00.400000",
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"date": "2019-07-17T06:00:00",
"db": "BID",
"id": "106950"
},
{
"date": "2019-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-125"
},
{
"date": "2023-11-07T03:10:12.930000",
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
],
"trust": 0.6
}
}
var-201607-0587
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Web' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. A remote attacker could exploit this vulnerability to update, insert, or delete data, affecting data integrity
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0587",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92022"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-660"
},
{
"db": "NVD",
"id": "CVE-2016-3451"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92022"
}
],
"trust": 0.6
},
"cve": "CVE-2016-3451",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-3451",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-92270",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2016-3451",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3451",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-3451",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-660",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-92270",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-3451",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92270"
},
{
"db": "VULMON",
"id": "CVE-2016-3451"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-660"
},
{
"db": "NVD",
"id": "CVE-2016-3451"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Web\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. A remote attacker could exploit this vulnerability to update, insert, or delete data, affecting data integrity",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3451"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92022"
},
{
"db": "VULHUB",
"id": "VHN-92270"
},
{
"db": "VULMON",
"id": "CVE-2016-3451"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3451",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "92022",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003866",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-660",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-92270",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-3451",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92270"
},
{
"db": "VULMON",
"id": "CVE-2016-3451"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92022"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-660"
},
{
"db": "NVD",
"id": "CVE-2016-3451"
}
]
},
"id": "VAR-201607-0587",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92270"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:23:38.629000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63020"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3451"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-660"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3451"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/92022"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3451"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3451"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92270"
},
{
"db": "VULMON",
"id": "CVE-2016-3451"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92022"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-660"
},
{
"db": "NVD",
"id": "CVE-2016-3451"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-92270"
},
{
"db": "VULMON",
"id": "CVE-2016-3451"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92022"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-660"
},
{
"db": "NVD",
"id": "CVE-2016-3451"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-92270"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3451"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92022"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"date": "2016-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-660"
},
{
"date": "2016-07-21T10:12:15.067000",
"db": "NVD",
"id": "CVE-2016-3451"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-92270"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3451"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92022"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003866"
},
{
"date": "2016-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-660"
},
{
"date": "2017-09-01T01:29:09.177000",
"db": "NVD",
"id": "CVE-2016-3451"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In Web Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003866"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92022"
}
],
"trust": 0.6
}
}
cve-2017-3257
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:40
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/95589 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:33.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "95589",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95589"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:12.766294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:40:40.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "95589",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95589"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "95589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95589"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3257",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:40:40.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3317
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-08 20:34
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/95585 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:34.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95585"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:09:31.756150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:34:17.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
},
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95585"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95585"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3317",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-08T20:34:17.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3319
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-08 20:29
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/95479 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:34.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "95479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95479"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:09:29.656461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:29:20.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-07T10:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "95479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95479"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "95479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95479"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3319",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-08T20:29:20.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3238
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:51
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/95571 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "95571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95571"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:35.266321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:51:59.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
},
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "95571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95571"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "95571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95571"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3238",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:51:59.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3313
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-08 20:34
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/95527 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3809 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "95527",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95527"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "DSA-3809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3809"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:09:35.091283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:34:44.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
},
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "95527",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95527"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "DSA-3809",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3809"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "95527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95527"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "DSA-3809",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3809"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3313",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-08T20:34:44.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3312
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-08 20:34
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95491 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:33.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95491"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:06:01.608682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:34:53.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
},
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95491"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95491"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3312",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-08T20:34:53.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3265
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:38
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/95520 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:34.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95520",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95520"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:05.396220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:38:08.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
},
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95520",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95520"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95520"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3265",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:38:08.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3256
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:40
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/95486 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:33.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "95486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95486"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:14.306396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:40:55.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-07T10:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "95486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95486"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "95486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95486"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3256",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:40:55.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8327
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:55
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95557 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95557"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:49.114773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:55:41.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-08T10:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95557"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95557"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8327",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-09-26T00:00:00",
"dateUpdated": "2024-10-09T19:55:41.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3258
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:40
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/95560 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:33.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "95560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95560"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:10.918309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:40:31.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
},
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "95560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95560"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "95560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95560"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3258",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:40:31.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3243
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:50
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95538 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:32.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95538"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:27.506975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:50:26.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95538"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95538"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3243",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:50:26.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8318
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:59
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/95580 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95580",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95580"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:57.970334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:23.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-25T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95580",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95580"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95580"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8318",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-09-26T00:00:00",
"dateUpdated": "2024-10-09T19:59:23.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3244
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:50
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/95565 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:32.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95565",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95565"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:25.842291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:50:06.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
},
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95565",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95565"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95565"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3244",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:50:06.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3320
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-08 20:29
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95470 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:33.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95470"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:09:28.646295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:29:11.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-07T10:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95470"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95470"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3320",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-08T20:29:11.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3318
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-08 20:29
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:0574 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-18 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/95588 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:0279 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3767 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3770 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2192 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:33.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95588",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95588"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:09:30.630517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:29:35.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.5.53 and earlier"
},
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95588",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95588"
},
{
"name": "RHSA-2018:0279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95588"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3318",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-08T20:29:35.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3251
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:44
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/95482 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:32.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95482"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:18.206704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:44:55.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-07T10:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95482"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95482"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3251",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:44:55.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3273
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-09 19:36
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2787 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-17 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95583 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037640 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:2886 | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle | MySQL Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:34.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95583",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95583"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:03.966427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:36:25.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "5.6.34 and earlier"
},
{
"status": "affected",
"version": "5.7.16 and earlier"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-08T10:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "RHSA-2017:2787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95583",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95583"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "95583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95583"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3273",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-09T19:36:25.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}